This is the third bug in Orangescrum 1.6.1: a persistent XSS.

TLDR

Open a task, choose the HTML editor, and reply with your XSS code.


Other related links:

https://cupuzone.wordpress.com/2017/07/12/orangescrum-1-6-1-multiple-vulnerabilities-1-arbitraty-file-upload/
https://cupuzone.wordpress.com/2017/07/14/orangescrum-1-6-1-multiple-vulnerabilities-2-arbitraty-file-copyoverwrite/
https://cupuzone.wordpress.com/2017/07/14/orangescrum-1-6-1-multiple-vulnerabilities-4-sql-injection/
