2 matches found
CVE-2019-14547
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the...
CVE-2019-14547
CVE-2019-14547 affects EspoCRM up to version 5.6.8. The issue is a stored XSS where an attacker can send an attachment with a malicious JavaScript-in-filename that executes when an admin selects that file from the attachments list, potentially exposing cookies or compromising accounts. Public sou...