CVE-2025-70936
Vtiger CRM 8.4.0 is affected by a reflected XSS in the MailManager module, caused by improper handling of user-controlled input in the _folder parameter. The payload is reflected and executed in an authenticated user session, using a double URL-encoded input. The available connected sources confi...