CVE-2024-48392 PoC — OrangeScrum 跨站脚本漏洞

Source

https://github.com/Renzusclarke/CVE-2024-48392-PoC

Associated Vulnerability

Title:OrangeScrum 跨站脚本漏洞 (CVE-2024-48392)
Description:OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.

Readme

# CVE-2024-48392 Exploit
## Overview
This repository contains a proof-of-concept (PoC) exploit for CVE-2024-48392, an XSS vulnerability discovered in Orangescrum self-hosted as well as the premium version. CVE ID: CVE-2024-48392

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →