Vulnerabilities > Orangescrum > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2023-0738 Cross-site Scripting vulnerability in Orangescrum 2.0.11
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application.
network
low complexity
orangescrum CWE-79
6.1
6.1
2023-02-09 CVE-2023-0624 Cross-site Scripting vulnerability in Orangescrum 2.0.11
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application.
network
low complexity
orangescrum CWE-79
6.1
6.1