CNNVD-202510-750 Information

CNNVD ID

CNNVD-202510-750

Related CVE

CVE-2025-11279

• CNNVD Published: 2025-10-05

Description (Chinese)

Axosoft Scrum and Bug Tracking是美国Axosoft公司的一个敏捷项目管理与缺陷跟踪软件。 Axosoft Scrum and Bug Tracking 22.1.1.11545版本存在安全漏洞，该漏洞源于对组件Add Work Item Page中参数Title的错误操作，可能导致CSV注入攻击。

Description (English)

Axosoft Scrum and Bug Tracking is an agile project management and bug tracking software for Axosoft in the United States. There is a security loophole in version 22.1.11545 of Axosoft Scrum and Bug Tracking, which stems from a mishandling of Title, the parameter in component Add Work Item Page, which could lead to an attack on CSV injection.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Axosoft

Published

2025-10-05

Last Modified

2026-02-24

References

https://drive.google.com/file/d/1Lw9_KYblnhg7FQU70G0SgH_VyYRUD-rX/view?usp=sharing https://vuldb.com/?ctiid.327013 https://vuldb.com/?id.327013 https://vuldb.com/?submit.659422