Sn4Ku1

**Name of the Vulnerable Software and Affected Versions** Axosoft Scrum and Bug Tracking version 22.1.1.11545 **Description** A flaw exists in Axosoft Scrum and Bug Tracking that allows for CSV injection. The issue is located in the Edit Ticket Page component, specifically through manipulation of the `Title` argument. This can be exploited remotely. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axosoft Scrum and Bug Tracking version 22.1.1.11545 **Description** A CSV injection issue exists in Axosoft Scrum and Bug Tracking version 22.1.1.11545, specifically within the Add Work Item Page component. The `Title` argument is susceptible to manipulation, leading to a CSV injection. This attack can be initiated remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.