Unrated severity · NVD Advisory · Published Dec 23, 2025 · Updated Apr 7, 2026
Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints
CVE-2021-47716
Description
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters such as 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victims' browsers by submitting crafted payloads through application endpoints.
Affected products
2 entries:
- (no CPE), range: = 1.8.0
- (no CPE), range: 1.8.0
Patches
No patches discovered yet.
References
- www.exploit-db.com/exploits/50554 (mitre, exploit)
- www.vulncheck.com/advisories/orangescrum-cross-site-scripting-via-authenticated-endpoints (mitre, third-party advisory)
- www.orangescrum.org (mitre, product)