3 matches found
CVE-2022-38845
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
CVE-2022-38845
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
CVE-2022-38845
CVE-2022-38845 affects EspoCRM 7.1.8, where an attacker can trigger Cross-Site Scripting via the Import feature by sending a crafted CSV containing malicious JavaScript. This requires an authenticated user to import the file, potentially causing the browser to execute injected scripts. Red Hat an...