CVE-2018-14398
The CVE-2018-14398 entry affects Creme CRM 1.6.12: the cancel button’s value is sourced from the HTTP Referer header, enabling potential redirection to a fraudulent login page to steal credentials. Affected component: web UI logic handling cancel navigation; root cause: using Referer content in U...