CVE-2018-9283
Affects CremeCRM 1.6.12: ten stored XSS vulnerabilities in contact creation/modification parameters (firstname, lastname, billing/shipping address fields). The payload is stored in the application database and triggers JavaScript execution on page visits. No patch/version remediation or exploitat...