CNNVD-202512-4122 Information
Dec 23, 2025
CNNVD ID
CNNVD-202512-4122
Related CVE
- CNNVD Published: 2025-12-23
Description
OrangeScrum is a simple yet powerful free, open-source project management application from OrangeScrum, a US company. OrangeScrum 1.8.0 contains a cross-site scripting vulnerability caused by insufficient input validation of parameters such as projid, CS_message and name, which may lead to cross-site scripting attacks.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
Open Source Geospatial
Published
2025-12-23
Last Modified
2026-02-24
References
- https://www.orangescrum.org/
- https://www.vulncheck.com/advisories/orangescrum-cross-site-scripting-via-authenticated-endpoints
- https://www.exploit-db.com/exploits/50554
- https://access.redhat.com/security/cve/cve-2021-47716