← voltar
CVE-2025-11279

Axosoft Scrum and Bug Tracking Add Work Item csv injection

CVSS 5.1 MEDIUMEPSS 0.2%CWE-1236CWE-74
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
Axosoft · Scrum and Bug Tracking

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://drive.google.com/file/d/1Lw9_KYblnhg7FQU70G0SgH_VyYRUD-rX/view?usp=sharinghttps://vuldb.com/?ctiid.327013https://vuldb.com/?id.327013https://vuldb.com/?submit.659422