4 matches found
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
CVE-2023-0624
OrangeScrum 2.0.11 is affected by a cross-site scripting vulnerability described across multiple sources. The root cause, as stated, is that the application returns malicious user input in responses with a content-type of text/html, which can allow an external attacker to obtain arbitrary user ac...