EPSS Percentile: 31.4%
yetiforce/yetiforce-crm is vulnerable to cross-site request forgery. The vulnerability exists in PasswordModalFooter.tpl and allows an attacker to log out an authenticated user if that user visits the attacker's website.
PasswordModalFooter.tpl
github.com/yetiforcecompany/yetiforcecrm/commit/585da04bb72d36a894f6ea5939ab909e53fd8c23
huntr.dev/bounties/7b58c160-bb62-45fe-ad1f-38354378b89e