Orangescrum Security Vulnerabilities and Issues — Orangescrum CVE List

cve

CVE-2023-1783

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to...

7.6CVSS

7.4AI Score

0.0005EPSS

2023-06-23 10:15 PM

16

cve

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to...

6.1CVSS

6.2AI Score

0.001EPSS

2023-04-04 11:15 PM

18

cve

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to...

6.1CVSS

6.2AI Score

0.001EPSS

2023-02-09 04:15 PM

13

cve

CVE-2023-0454

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal...

8.1CVSS

7.8AI Score

0.001EPSS

2023-02-01 03:15 AM

24

cve

CVE-2023-0164

OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system...

8.8CVSS

8.9AI Score

0.001EPSS

2023-01-18 10:15 PM

21