Lucene search
Veracode Vulnerability DatabaseVERACODE:37227HistorySep 21, 2022 - 10:15 a.m.
Stored Cross-site Scripting (XSS)
2022-09-2110:15:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
yetiforce-crm
stored xss
layouteditor
0.001 Low
EPSS
Percentile
21.6%
yetiforce/yetiforce-crm is vulnerable to stored cross-site scripting(XSS) attacks. The library does not properly escape fieldModel->label parameter in LayoutEditor and it is used directly without any encoding or validation on LayoutEditor/EditField.tpl, allowing an attacker to inject and execute malicious javascript to perform a stored XSS attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| yetiforce/yetiforce-crm | le | 6.4.0 | |
| yetiforce/yetiforce-crm | le | 6.4.0 |
Related
osv
osv
CVE-2022-3000
2022-09-20 07:15:12
nvd
nvd
CVE-2022-3000
2022-09-20 07:15:12
cve
cve
CVE-2022-3000
2022-09-20 07:15:12
prion
prion
Cross site scripting
2022-09-20 07:15:00
cvelist
cvelist
github
github
huntr
huntr
Persistent Cross Site Scripting - LayoutEditor Module - Settings
2022-08-19 17:53:46