6 matches found
Cross-site Scripting (XSS)
yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists because the recordModel parameter of type Text is not properly validated or encoded in the SlaPolicy module settings, allowing an attacker to inject and execute malicious JavaScript...
GHSA-VX3X-HWPH-GRVW YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the SlaPolicy module. A patch is available at commit e55886781509fe39951fc7528347696474a17884...
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the SlaPolicy module. A patch is available at commit e55886781509fe39951fc7528347696474a17884...
PT-2022-19986 · Unknown · Yetiforcecrm
Name of the Vulnerable Software and Affected Versions: YetiForce CRM versions prior to 6.4.0. Description: The issue is related to Cross-site Scripting (XSS) - Stored, which affects the YetiForce CRM GitHub repository. The SlaPolicy module is vulnerable to cross-site scripting. Recommendations: For...
YetiForceCrm cross-site scripting vulnerability
YetiForceCrm is an open source CRM system from the Polish company YetiForce. A cross-site scripting vulnerability exists in YetiForceCrm versions prior to 6.4.0, which stems from an unvalidated recordModel-name parameter of type "Text" in the SlaPolicy module in Settings and is used directly in...
Persistent Cross-site Scripting - SlaPolicy Module - Settings
Description: The application uses Purifier to prevent cross-site scripting attacks. However, in the SlaPolicy module from Settings, the recordModel-name parameter is of type "Text" but is not validated, and it is used directly without any encoding or validation in SlaPolicy/EditViewBlocks.tpl. It...