Lucene search
GitHub Advisory DatabaseGHSA-V9FJ-H8G6-4W9QHistoryOct 06, 2022 - 6:52 p.m.
YetiForce CRM vulnerable to stored Cross-site Scripting
2022-10-0618:52:03
CWE-79
GitHub Advisory Database
github.com
14
yetiforce crm
stored
cross-site scripting
vulnerable
patch
developer branch
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.4%
YetiForce CRM version 6.4.0 and prior is vulnerable to stored cross-site scripting. A patch is available on the developer branch.
Affected configurations
Node
yetiforceyetiforce_customer_relationship_managementRange≤6.4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| yetiforce | yetiforce_customer_relationship_management | * | cpe:2.3:a:yetiforce:yetiforce_customer_relationship_management:*:*:*:*:*:*:*:* |
Related
veracode
veracode
Cross-site Scripting (XSS)
2022-10-07 06:20:45
prion
prion
Cross site scripting
2022-10-06 18:16:00
cnvd
cnvd
YetiForceCrm Cross-Site Scripting Vulnerability (CNVD-2022-69154)
2022-10-10 00:00:00
cve
cve
CVE-2022-3002
2022-10-06 18:16:19
osv
osv
CVE-2022-3002
2022-10-06 18:16:19
YetiForce CRM vulnerable to stored Cross-site Scripting
2022-10-06 18:52:03
huntr
huntr
Persistent Cross Site Scripting - BusinessHours Module - Settings
2022-08-19 17:57:00
cvelist
cvelist
nvd
nvd
CVE-2022-3002
2022-10-06 18:16:19
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.4%
Related for GHSA-V9FJ-H8G6-4W9Q