CVE-2025-12249 | Axosoft Scrum and Bug Tracking 22.1.1.11545 Edit Ticket Page Title csv injection

A vulnerability identified as problematic has been detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Title results in csv injection.

This vulnerability is cataloged as CVE-2025-12249. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More