fat_free_crm is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not escape the string entered for query in app/helpers/tags_helper.rb, allowing an attacker to inject arbitrary script through it.

CPE Name | Operator | Version |
---|---|---|
fat_free_crm | le | 0.18.0 |