Aziz Nefzi

1 exploit Active since Jan 2025

CVE-2024-48392 WRITEUP MEDIUM WORKING POC

OrangeScrum 2.0.11 - Stored Cross-Site Scripting via User Email Input

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.

CVSS 5.4

View Code