Filtered by vendor Orangescrum
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0164 | 1 Orangescrum | 1 Orangescrum | 2025-04-03 | N/A | 8.8 HIGH |
| OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function. | |||||
| CVE-2023-0624 | 1 Orangescrum | 1 Orangescrum | 2025-03-24 | N/A | 6.1 MEDIUM |
| OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | |||||
| CVE-2023-0738 | 1 Orangescrum | 1 Orangescrum | 2025-02-13 | N/A | 6.1 MEDIUM |
| OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | |||||
| CVE-2023-1783 | 1 Orangescrum | 1 Orangescrum | 2024-11-21 | N/A | 6.5 MEDIUM |
| OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF. | |||||