Vulnerabilities > Orangescrum

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-23	CVE-2023-1783	Cross-site Scripting vulnerability in Orangescrum 2.0.11 OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. network low complexity orangescrum CWE-79	7.6
2023-04-04	CVE-2023-0738	Cross-site Scripting vulnerability in Orangescrum 2.0.11 OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. network low complexity orangescrum CWE-79	6.1
2023-02-09	CVE-2023-0624	Cross-site Scripting vulnerability in Orangescrum 2.0.11 OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. network low complexity orangescrum CWE-79	6.1
2023-02-01	CVE-2023-0454	Path Traversal vulnerability in Orangescrum 2.0.11 OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. network low complexity orangescrum CWE-22	8.1
2023-01-18	CVE-2023-0164	OS Command Injection vulnerability in Orangescrum 2.0.11 OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. network low complexity orangescrum CWE-78	8.8

Vulnerabilities > Orangescrum {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Orangescrum"}]}