CVE-2018-17301
CVE-2018-17301 — EspoCRM 5.3.6 has a reflected XSS in the file client/res/templates/global-search/name-field.tpl , exploitable via the /#Account search panel. The vulnerability stems from improper handling of user-supplied input in the global search name field, allowing injection of arbitrary Jav...