4 matches found
CVE-2022-3005
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-3005
YetiForce CRM versions prior to 6.4.0 are affected by a stored XSS in the SlaPolicy module. The vulnerability arises from an unvalidated Text input (recordModel->name) rendered in SlaPolicy/EditViewBlocks.tpl, allowing injected JavaScript. A patch is available at commit e55886781509fe39951fc75...
CVE-2022-3005 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-3005 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...