CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |

The Fat Free CRM gem contains a JavaScript cross-site scripting (XSS)
vulnerability. When a user is created or updated with a specially
crafted username, first name or last name, arbitrary JavaScript can
be executed on all Fat Free CRM pages.
This code would be executed for all logged-in users.

Vendor | Product | Version | CPE |
---|---|---|---|
ruby | fat_free_crm | * | cpe:2.3:a:ruby:fat_free_crm:*:*:*:*:*:*:*:* |