CVE-2021-47716

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...