PT-2025-52828 · Unknown · Orangescrum

Hubert Wojciechowski · Published 2025-12-23 · Updated 2025-12-23 · CVE-2021-47716

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Orangescrum version 1.8.0

Description

The application has multiple cross-site scripting issues that permit authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters such as projid, CS message, and name to execute arbitrary JavaScript code in victims' browsers by submitting crafted payloads through application endpoints.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-47716

Affected Products

Orangescrum