3 matches found
CVE-2022-2924 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...
CVE-2022-2924 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...
CVE-2022-2924
CVE-2022-2924 affects YetiForce CRM prior to 6.3 with stored XSS in the WidgetsManagement module. The root cause is an unvalidated title parameter that is used directly in Vitger/dashboards/ChartFilter.tpl, enabling injected JavaScript. Remedies: upgrade to 6.3+ or apply the patch referenced by t...