CVE-2019-14550
EspoCRM before 5.6.9 is affected by a Stored XSS vulnerability. An attacker can inject malicious JavaScript via the add tab list feature, which executes when a victim clicks Edit Dashboard on the Homepage, enabling cookie theft and account compromise. A fix is available in version 5.6.9 (see link...