EPSS Percentile: 21.4%
yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists because the name attribute in EditViewBlocks.tpl is not sanitized, allowing an attacker to inject and execute malicious JavaScript.
github.com/advisories/GHSA-v9fj-h8g6-4w9q
github.com/yetiforcecompany/yetiforcecrm/commit/54728becfdad9b6e686bbe336007cba2ce518248
huntr.dev/bounties/d213d7ea-fe92-40b2-a1f9-2ba32dec50f5
www.cve.org/CVERecord?id=CVE-2022-3002