YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module
Moderate severity
GitHub Reviewed
Published
Sep 21, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Sep 20, 2022
Published to the GitHub Advisory Database
Sep 21, 2022
Reviewed
Sep 21, 2022
Last updated
Jan 30, 2023
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the
WorkFlow
module. A patch is available at commit cd82ecce44d83f1f6c10c7766bf36f3026de024a.References