2 matches found
CVE-2022-22112
CVE-2022-22112 affects DayByDay CRM, versions 1.1–2.2.1. The issue is an application-wide Client-Side Template Injection (CSTI) that allows a low-privileged attacker to input template payloads at multiple locations to execute JavaScript in the client browser. The primary sources describe the vuln...
CVE-2022-22112 DayByDay CRM - Application-Wide Client-Side Template Injection (CSTI)
In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...