CVE-2021-47716
EUVD-2025-20484323.12.2025, 20:15
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victim's browsers by submitting crafted payloads through application endpoints.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| orangescrum | orangescrum | 1.8.0 |
𝑥
= Vulnerable software versions