Yetiforcecrm is vulnerable to stored cross-site scripting. The vulnerability is due to the workflowModel
not sanitizing the summary
field, allowing an attacker to inject script tags via the workflow module settings, which results in stored cross-site scripting.