Elite CRM is a customer relationship management system. A cross-site scripting vulnerability exists in Elite CRM v1.2.11, which stems from the application’s lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary code via the language parameter of the /ngs/login endpoint.
CPE | Name | Operator | Version |
---|---|---|---|
elite crm elite crm v | eq | 1.2.11 |