3 matches found
Cross-site scripting in fat_free_crm
Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb...
CVE-2018-20975
Fat Free CRM before 0.18.1 is vulnerable to Cross‑Site Scripting via the tags_helper.rb logic in app/helpers/tags_helper.rb. The root cause is lack of proper escaping of user-supplied input (notably the query parameter), enabling injection of arbitrary script. Public references (Veracode entry) d...
Cross-site Scripting (XSS)
fat_free_crm is vulnerable to cross-site scripting (XSS). The vulnerability exists through query in app/helpers/tags_helper.rb...