Browse all 4 CVE security advisories affecting Orangescrum. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Orangescrum is a project management platform designed to help teams track tasks, collaborate, and manage workflows. Historically, the platform has been vulnerable to several security issues, including cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from improper input validation and insufficient access controls. Privilege escalation vulnerabilities have also been documented, allowing unauthorized users to access sensitive project data. While no major public security incidents have been widely reported, the four CVEs on record highlight consistent security challenges in areas like authentication and data handling, suggesting a need for robust security practices in deployment and regular updates.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47716 | Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints — orangescrumCWE-79 | 5.4 | Medium | 2025-12-23 |
| CVE-2021-47721 | Orangescrum 1.8.0 Authenticated Privilege Escalation via User Session Manipulation — orangescrumCWE-639 | 8.8 | High | 2025-12-23 |
| CVE-2021-47720 | Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters — orangescrumCWE-89 | 7.1 | High | 2025-12-23 |
| CVE-2023-1783 | OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering — OrangescrumCWE-79 | 6.5 | Medium | 2023-06-23 |
This page lists every published CVE security advisory associated with Orangescrum. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.