5 matches found
CVE-2022-3000
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-3000 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-3000
YetiForce CRM (prior to 6.4.0) is affected by a stored XSS in the LayoutEditor module. The vulnerability stems from an unvalidated title parameter passed to LayoutEditor/EditField.tpl, allowing arbitrary JavaScript execution. A patch is available at commit eebc12601495ada38495076bec12841b2477516b...
CVE-2022-3000 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-3000 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...