Axosoft Scrum and Bug Tracking Add Work Item csv injection

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-11279

Source VulDB

Published Oct 5, 2025 at 03:02

Affected Product

Vendor Axosoft

Product Scrum and Bug Tracking

Version 22.1.1.11545

Affected Versions Axosoft Scrum and Bug Tracking 22.1.1.11545

CWE Classification

CWE-1236 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-05T03:02:06.381Z",
    "modified": "2025-10-05T03:02:06.381Z",
    "type": "cve",
    "title": "Axosoft Scrum and Bug Tracking Add Work Item csv injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327013\nhttps://vuldb.com/?ctiid.327013\nhttps://vuldb.com/?submit.659422\nhttps://drive.google.com/file/d/1Lw9_KYblnhg7FQU70G0SgH_VyYRUD-rX/view?usp=sharing",
    "id": "CVE-2025-11279",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1236",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Axosoft Scrum and Bug Tracking 22.1.1.11545",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Scrum and Bug Tracking",
    "version": "22.1.1.11545",
    "vendor": "Axosoft",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Axosoft Scrum and Bug Tracking Add Work Item csv injection_CVE-2025-11279