exploitDog

GHSA-cgvg-jxwx-m862

Опубликовано: 21 янв. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.

Ссылки

EPSS

Процентиль: 56%

0.00332

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-48392

CVSS3: 5.4

nvd

около 1 года назад

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.

EPSS

Процентиль: 56%

0.00332

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79