CVE-2014-5441
Fat Free CRM (up to version 0.13.3) is affected by multiple XSS vulnerabilities in app/views/layouts/application.html.haml, exploitable via the username, first name, or last name fields during create/edit user actions. The root cause is improper handling/escaping in the template that allows injec...