Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-qwc8-vjh3-gm2j: YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the WorkFlow module. A patch is available at commit cd82ecce44d83f1f6c10c7766bf36f3026de024a.

ghsa
#xss#git

YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module

Moderate severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022

Related news

CVE-2022-3004

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.