Lucene search
K

99 matches found

CVE
CVE
added 2025/01/21 12:0 a.m.38 views

CVE-2024-48392

OrangeScrum v2.0.11 is affected by a Cross Site Scripting (XSS) vulnerability due to insufficient input validation, enabling an attacker to inject JavaScript into user emails and potentially take over accounts. Multiple sources (NVD, Red Hat and CNVD entries, CIRCL sightings, and a PoC GitHub rep...

5.4CVSS6.2AI score0.00776EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/21 12:0 a.m.7 views

CVE-2024-48392

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...

5.5AI score0.00776EPSS
Exploits2References3
GithubExploit
GithubExploit
added 2024/10/25 9:0 a.m.99 views

Exploit for CVE-2024-48392

CVE-2024-48392 Exploit Overview This rep...

5.4CVSS9.1AI score0.00776EPSS
Exploits2
CNVD
CNVD
added 2023/06/30 12:0 a.m.4 views

Orangescrum cross-site scripting vulnerability (CNVD-2026-02680)

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum cross-site scripting vulnerability, the vulnerability stems from the application does not properly validate the HTML content to be converted t...

7.6CVSS6.2AI score0.00576EPSS
Exploits1References1
NVD
NVD
added 2023/06/23 10:15 p.m.25 views

CVE-2023-1783

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...

7.6CVSS6.5AI score0.00576EPSS
Exploits1References2
OSV
OSV
added 2023/06/23 10:15 p.m.13 views

CVE-2023-1783

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...

7.6CVSS6.8AI score0.00576EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/06/23 9:55 p.m.8 views

CVE-2023-1783 OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...

6.5CVSS6.6AI score0.00576EPSS
Exploits1References2
CVE
CVE
added 2023/06/23 9:55 p.m.47 views

CVE-2023-1783

OrangeScrum 2.0.11 is vulnerable to a flaw in HTML-to-PDF rendering that allows an external attacker to remotely obtain AWS instance credentials. The root cause is improper validation of HTML content during PDF conversion, leading to credentials leakage (impacting confidentiality). The most expli...

7.6CVSS6.8AI score0.00576EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/06/23 9:55 p.m.26 views

CVE-2023-1783 OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...

6.5CVSS7.6AI score0.00576EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.6 views

OrangeScrum 跨站脚本漏洞

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum cross-site scripting vulnerability, the vulnerability stems from the application does not properly validate the HTML content to be converted t...

7.6CVSS6.1AI score0.00576EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.4 views

PT-2023-17241 · Unknown · Orangescrum

Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...

7.6CVSS7.2AI score0.00576EPSS
Exploits1References5
CNVD
CNVD
added 2023/04/07 12:0 a.m.3 views

Orangescrum cross-site scripting vulnerability (CNVD-2026-02681)

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which arises when the application returns malicious user input in a response without any...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References1
OSV
OSV
added 2023/04/04 11:15 p.m.9 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS7AI score
Exploits0References2
NVD
NVD
added 2023/04/04 11:15 p.m.19 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References2
Prion
Prion
added 2023/04/04 11:15 p.m.14 views

Design/Logic Flaw

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

5.8CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/04 12:0 a.m.6 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.8AI score0.00486EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.6 views

OrangeScrum 跨站脚本漏洞

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which arises when the application returns malicious user input in a response without any...

6.1CVSS6.1AI score0.00486EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.8 views

PT-2023-16491 · Unknown · Orangescrum

Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References4
CVE
CVE
added 2023/04/04 12:0 a.m.53 views

CVE-2023-0738

CVE-2023-0738 relates to OrangeScrum 2.0.11, where an external attacker can obtain arbitrary user accounts. The root cause described across sources is that the application returns malicious user input in responses with content-type text/html, enabling account disclosure via a reflected/input-outp...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/04/04 12:0 a.m.20 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.4AI score0.00486EPSS
Exploits1References2
Rows per page
Query Builder