exploitDog

CVE-2023-0738

Опубликовано: 04 апр. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.

Ссылки

https://fluidattacks.com/advisories/eilish/
Exploit
Third Party Advisory
https://github.com/Orangescrum/orangescrum/
Product
https://fluidattacks.com/advisories/eilish/
Exploit
Third Party Advisory
https://github.com/Orangescrum/orangescrum/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:orangescrum:orangescrum:2.0.11:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00114

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-r6wr-pw22-2qqc

CVSS3: 6.1

github

почти 3 года назад

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.

EPSS

Процентиль: 30%

0.00114

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79