VYPR
Medium severity5.4NVD Advisory· Published Jan 21, 2025· Updated Jun 17, 2026

CVE-2024-48392

CVE-2024-48392

Description

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.