PT-2023-31948 · Idurar · Idurar
Name of the Vulnerable Software and Affected Versions: IDURAR aka idurar-erp-crm versions 2.0.1 and earlier Description: The issue allows stored XSS via a PATCH request with a crafted JSON email template in the "/api/email/update" data. This can be exploited by sending a specially crafted request...