fat_free_crm is vulnerable to cross-site scripting (XSS). The vulnerability exists through query in `app/helpers/tags_helper.rb`.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | fat_free_crm | eq | 0.18.0 |
| | fat_free_crm | le | 0.15.1 |
| | fat_free_crm | le | 0.17.2 |
| | fat_free_crm | le | 0.14.1 |
| | fat_free_crm | le | 0.16.3 |

- github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa
- github.com/asteinhauser/fat_free_crm/issues/1
- github.com/fatfreecrm/fat_free_crm/commit/6d60bc8ed010c4eda05d6645c64849f415f68d65
- github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29
- groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc