PT-2025-40789 · Axosoft · Axosoft Scrum/Bug Tracking
Sn4Ku1
·
Published
2025-10-05
·
Updated
2025-10-05
·
CVE-2025-11279
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Axosoft Scrum and Bug Tracking version 22.1.1.11545
Description
A CSV injection issue exists in Axosoft Scrum and Bug Tracking version 22.1.1.11545, specifically within the Add Work Item Page component. The
Title argument is susceptible to manipulation, leading to a CSV injection. This attack can be initiated remotely. The exploit is publicly available.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Axosoft Scrum/Bug Tracking