99 matches found
Orangescrum Elevation of Privilege Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an elevation of privilege vulnerability, which stems from the application's failure to effectively verify the source of requests ...
Orangescrum Cross-Site Scripting Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which stems from insufficient validation of parameter inputs such as projid, CSmessage, and...
Orangescrum SQL Injection Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a SQL injection vulnerability that stems from insufficient validation of parameter inputs such as oldprojectid, projectid, uuid,...
CVE-2021-47716
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
CVE-2021-47720
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...
CVE-2021-47721
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...
CVE-2021-47720
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...
CVE-2021-47721
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...
CVE-2021-47720
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...
CVE-2021-47716
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
CVE-2021-47716
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
CVE-2021-47716 Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
CVE-2021-47716 Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
CVE-2021-47716
Orangescrum 1.8.0 is affected by multiple cross-site scripting (XSS) vulnerabilities exposed via authenticated endpoints. The issue arises from insufficient validation of inputs such as projid, CS_message, and name, allowing an attacker to inject arbitrary JavaScript into victims’ browsers by sub...
CVE-2021-47721 Orangescrum 1.8.0 Authenticated Privilege Escalation via User Session Manipulation
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...
CVE-2021-47720 Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...
CVE-2021-47721 Orangescrum 1.8.0 Authenticated Privilege Escalation via User Session Manipulation
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...
CVE-2021-47720 Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...
CVE-2021-47721
CVE-2021-47721 affects Orangescrum 1.8.0. An authenticated user can perform privilege escalation by manipulating session cookies to take over other project‑assigned accounts. The vulnerability is described as extracting the victim’s unique ID from the page source and replacing the attacker’s sess...
CVE-2021-47720
Orangescrum 1.8.0 is affected by an authenticated SQL injection via multiple parameters (old_project_id, project_id, uuid, uniqid). The root cause is insufficient validation of input parameters, allowing attackers with authorization to manipulate database queries and potentially extract or modify...