Lucene search
K

99 matches found

CNVD
CNVD
added 2023/02/13 12:0 a.m.3 views

Orangescrum cross-site scripting vulnerability (CNVD-2026-02682)

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a cross-site scripting vulnerability that originates when the application returns malicious user input in a response with the...

6.1CVSS6.5AI score0.00486EPSS
Exploits1References1
NVD
NVD
added 2023/02/09 4:15 p.m.13 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References2
OSV
OSV
added 2023/02/09 4:15 p.m.14 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS6.8AI score0.00486EPSS
Exploits1References2
Prion
Prion
added 2023/02/09 4:15 p.m.12 views

Design/Logic Flaw

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

5.8CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/09 12:0 a.m.7 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

7.1AI score0.00486EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/02/09 12:0 a.m.14 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.4AI score0.00486EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.5 views

OrangeScrum 跨站脚本漏洞

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a cross-site scripting vulnerability that originates when the application returns malicious user input in a response with the...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References3
CVE
CVE
added 2023/02/09 12:0 a.m.41 views

CVE-2023-0624

OrangeScrum 2.0.11 is affected by a cross-site scripting vulnerability described across multiple sources. The root cause, as stated, is that the application returns malicious user input in responses with a content-type of text/html, which can allow an external attacker to obtain arbitrary user ac...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2023/02/09 12:0 a.m.4 views

Orangescrum Path Traversal Vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a path traversal vulnerability that stems from the application using an uncleaned attacker-controllable parameter to construct...

8.1CVSS6.8AI score0.00986EPSS
Exploits1References1
OSV
OSV
added 2023/02/01 3:15 a.m.12 views

CVE-2023-0454

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...

8.1CVSS6.6AI score0.00986EPSS
Exploits1References2
NVD
NVD
added 2023/02/01 3:15 a.m.11 views

CVE-2023-0454

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...

8.1CVSS7.9AI score0.00986EPSS
Exploits1References2
Prion
Prion
added 2023/02/01 3:15 a.m.17 views

Path traversal

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...

5.5CVSS7.8AI score0.00986EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.6 views

PT-2023-16283 · Unknown · Orangescrum

Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to constru...

8.1CVSS7.8AI score0.00986EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.6 views

OrangeScrum 路径遍历漏洞

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a path traversal vulnerability that stems from the application using an uncleaned attacker-controllable parameter to construct...

8.1CVSS6.6AI score0.00986EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.14 views

CVE-2023-0454

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...

8.1AI score0.00986EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/02/01 12:0 a.m.6 views

CVE-2023-0454

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...

7.9AI score0.00986EPSS
Exploits1References2
CVE
CVE
added 2023/02/01 12:0 a.m.65 views

CVE-2023-0454

OrangeScrum 2.0.11 is affected by a path traversal vulnerability. An authenticated external attacker can delete arbitrary local files on the server due to an unsanitized attacker-controlled parameter used to construct internal paths. The CVE-2023-0454 entry does not specify a remediation in the p...

8.1CVSS7.8AI score0.00986EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2023/01/30 12:0 a.m.5 views

Orangescrum Operating System Command Injection Vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an operating system command injection vulnerability that originates when the application injects an attacker-controlled parameter...

8.8CVSS8.3AI score0.01381EPSS
Exploits1References1
OSV
OSV
added 2023/01/18 10:15 p.m.11 views

CVE-2023-0164

OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...

8.8CVSS7.5AI score0.01381EPSS
Exploits1References2
NVD
NVD
added 2023/01/18 10:15 p.m.31 views

CVE-2023-0164

OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...

8.8CVSS8.9AI score0.01381EPSS
Exploits1References2
Rows per page
Query Builder