3 matches found
CVE-2024-48392
OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...
CVE-2024-48392
creationtimestamp| type| source ---|---|--- 2025-01-21 21:15:46+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrkp7vlm2f 2025-01-22 21:02:00+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lgebayyrpe24 2025-01-22 22:02:24+00:00|...
CVE-2024-48392
OrangeScrum v2.0.11 is affected by a Cross Site Scripting (XSS) vulnerability due to insufficient input validation, enabling an attacker to inject JavaScript into user emails and potentially take over accounts. Multiple sources (NVD, Red Hat and CNVD entries, CIRCL sightings, and a PoC GitHub rep...