Headline
CVE-2022-3005
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
Related news
GHSA-vx3x-hwph-grvw: YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the `SlaPolicy` module. A patch is available at commit e55886781509fe39951fc7528347696474a17884.