99 matches found
CVE-2024-48392
OrangeScrum v2.0.11 is affected by a Cross Site Scripting (XSS) vulnerability due to insufficient input validation, enabling an attacker to inject JavaScript into user emails and potentially take over accounts. Multiple sources (NVD, Red Hat and CNVD entries, CIRCL sightings, and a PoC GitHub rep...
CVE-2024-48392
OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...
Exploit for CVE-2024-48392
CVE-2024-48392 Exploit Overview This rep...
Orangescrum cross-site scripting vulnerability (CNVD-2026-02680)
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum cross-site scripting vulnerability, the vulnerability stems from the application does not properly validate the HTML content to be converted t...
CVE-2023-1783
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
CVE-2023-1783
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
CVE-2023-1783 OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
CVE-2023-1783
OrangeScrum 2.0.11 is vulnerable to a flaw in HTML-to-PDF rendering that allows an external attacker to remotely obtain AWS instance credentials. The root cause is improper validation of HTML content during PDF conversion, leading to credentials leakage (impacting confidentiality). The most expli...
CVE-2023-1783 OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
OrangeScrum 跨站脚本漏洞
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum cross-site scripting vulnerability, the vulnerability stems from the application does not properly validate the HTML content to be converted t...
PT-2023-17241 · Unknown · Orangescrum
Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
Orangescrum cross-site scripting vulnerability (CNVD-2026-02681)
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which arises when the application returns malicious user input in a response without any...
CVE-2023-0738
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
CVE-2023-0738
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
Design/Logic Flaw
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
CVE-2023-0738
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
OrangeScrum 跨站脚本漏洞
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which arises when the application returns malicious user input in a response without any...
PT-2023-16491 · Unknown · Orangescrum
Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type...
CVE-2023-0738
CVE-2023-0738 relates to OrangeScrum 2.0.11, where an external attacker can obtain arbitrary user accounts. The root cause described across sources is that the application returns malicious user input in responses with content-type text/html, enabling account disclosure via a reflected/input-outp...
CVE-2023-0738
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...