Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OrangeScrum 跨站脚本漏洞
Vulnerability Description
OrangeScrum是美国OrangeScrum公司的一款简单但功能强大的免费开源项目管理软件。 OrangeScrum 2.0.11 版本存在安全漏洞,该漏洞源于外部攻击者从应用程序中获取任意用户帐户。
CVSS Information
N/A
Vulnerability Type
N/A