Cross site scripting

2018-09-2107:29:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.

CPENameOperatorVersion
espocrmeq5.3.6

CPE	Name	Operator	Version
	espocrm	eq	5.3.6

References

github.com/espocrm/espocrm/issues/1039

github.com/security-breachlock/CVE-2018-17302/blob/master/XSS%20(Stored)%20in%20EspoCRM.pdf