QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-48392

Back to search

CVE-2024-48392

Published: Jan 21, 2025

Modified: Jan 22, 2025

PUBLISHED

Description

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.

VendorProductVersions

n/a

n/a

affected
n/a

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now