CVE-2024-48392

Medium CVSS: 5.4

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.

Vendor

Orangescrum

Product

Orangescrum

CWE

CWE-79

Yayın Tarihi

2025-01-21 21:15:10

Güncelleme

2025-09-30 21:01:01

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Orangescrum MEDIUM Orangescrum 2025

Referanslar

https://github.com/Renzusclarke/CVE-2024-48392-PoC https://github.com/Renzusclarke/CVE-2024-48392-PoC/blob/main/poc.txt https://www.orangescrum.com/ https://github.com/Renzusclarke/CVE-2024-48392-PoC/blob/main/poc.txt

Benzer Kayıtlar

High

CVE-2021-47720

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate datab…

High

CVE-2021-47721

Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other proje…

Medium

CVE-2021-47716

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject ma…