2 matches found
CVE-2021-3539
EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...
CVE-2021-3539
CVE-2021-3539 affects EspoCRM 6.1.6 and earlier, with a persistent (type II) cross-site scripting (XSS) vulnerability in handling user-supplied avatar images. The issue is fixed in version 6.1.7. The connected documents corroborate the vulnerability and the fix; no exploit details are provided. R...