2 matches found
YetiForceCrm Code Issue Vulnerability
YetiForceCrm is an open source CRM system from the Polish company YetiForce. A security vulnerability exists in YetiForceCrm versions prior to 6.4.0, which stems from a problematic unreconstructed file upload in the application. An attacker could send a malicious file to the victim and use the...
PT-2020-16179 · Ruby +1 · Gon +1
Name of the Vulnerable Software and Affected Versions: gon versions prior to 6.4.0. Description: An issue was discovered in the gon gem for Ruby, where MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does...