99 matches found
Orangescrum cross-site scripting vulnerability (CNVD-2026-02682)
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a cross-site scripting vulnerability that originates when the application returns malicious user input in a response with the...
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
Design/Logic Flaw
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...
OrangeScrum 跨站脚本漏洞
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a cross-site scripting vulnerability that originates when the application returns malicious user input in a response with the...
CVE-2023-0624
OrangeScrum 2.0.11 is affected by a cross-site scripting vulnerability described across multiple sources. The root cause, as stated, is that the application returns malicious user input in responses with a content-type of text/html, which can allow an external attacker to obtain arbitrary user ac...
Orangescrum Path Traversal Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a path traversal vulnerability that stems from the application using an uncleaned attacker-controllable parameter to construct...
CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...
CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...
Path traversal
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...
PT-2023-16283 · Unknown · Orangescrum
Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to constru...
OrangeScrum 路径遍历漏洞
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a path traversal vulnerability that stems from the application using an uncleaned attacker-controllable parameter to construct...
CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...
CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...
CVE-2023-0454
OrangeScrum 2.0.11 is affected by a path traversal vulnerability. An authenticated external attacker can delete arbitrary local files on the server due to an unsanitized attacker-controlled parameter used to construct internal paths. The CVE-2023-0454 entry does not specify a remediation in the p...
Orangescrum Operating System Command Injection Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an operating system command injection vulnerability that originates when the application injects an attacker-controlled parameter...
CVE-2023-0164
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...
CVE-2023-0164
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...