2025-12-23 19:35:40
VulnCheck
PUBLISHED
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like projid, CS_message, and name to execute arbitrary JavaScript code in victims browsers by submitting crafted payloads through application endpoints.