Vulnerability Information
Vulnerability Title
OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering
Vulnerability Description
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Vulnerability Title
OrangeScrum Cross-Site Scripting Vulnerability
Vulnerability Description
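OrangeScrum is a simple yet powerful free and open-source project management application from the US company OrangeScrum. OrangeScrum version 2.0.11 contains a security vulnerability that stems from the application not properly validating the HTML content to be converted to PDF, which allows an external attacker to remotely obtain AWS instance credentials.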
CVSS Information
N/A
Vulnerability Type
N/A