PT-2025-16546 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.5 Description: The issue concerns the Iframe dashlet in EspoCRM, which allows users to display iframes with arbitrary URLs. Since the sandbox attribute is not included in the iframe, a remote page can open popups...