Vulnerability Description
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters such as 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victims' browsers by submitting crafted payloads through application endpoints.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Orangescrum | Orangescrum | 1.8.0 |
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/50554 (Exploit)
- https://www.orangescrum.org/ (Product)
- https://www.vulncheck.com/advisories/orangescrum-cross-site-scripting-via-authen (Third Party Advisory)
FAQ
What is CVE-2021-47716?
CVE-2021-47716 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit paramete...
How severe is CVE-2021-47716?
CVE-2021-47716 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-47716?
Check the references section above for vendor advisories and patch information. Affected products include: Orangescrum Orangescrum.