GCVE - cpe:2.3:a:n/a:orangescrum:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:orangescrum:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Orangescrum (`32b517ed-67dc-588e-8037-8bac072ae6db`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-0738`	vulnerable	2026-06-08 05:52:32.497146	Details available OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. Published: 2023-04-04T00:00:00.000Z Updated: 2025-02-13T16:02:01.027Z Open on db.gcve.eu Reference links https://github.com/Orangescrum/orangescrum/ https://fluidattacks.com/advisories/eilish/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0624`	vulnerable	2026-06-08 05:52:32.098921	Details available OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. Published: 2023-02-09T00:00:00.000Z Updated: 2025-03-24T20:32:46.534Z Open on db.gcve.eu Reference links https://github.com/Orangescrum/orangescrum/ https://fluidattacks.com/advisories/oberhofer/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0454`	vulnerable	2026-06-08 05:52:04.976105	Details available OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. Published: 2023-02-01T00:00:00.000Z Updated: 2025-03-27T14:41:27.319Z Open on db.gcve.eu Reference links https://fluidattacks.com/advisories/slushii/ https://github.com/Orangescrum/orangescrum/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0164`	vulnerable	2026-06-08 05:52:04.402422	Details available OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function. Published: 2023-01-18T00:00:00.000Z Updated: 2025-04-03T19:29:49.136Z Open on db.gcve.eu Reference links https://fluidattacks.com/advisories/queen/ https://github.com/Orangescrum/orangescrum	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.