Headline
GHSA-vx3x-hwph-grvw: YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the SlaPolicy module. A patch is available at commit e55886781509fe39951fc7528347696474a17884.
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
Moderate severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022
Related news
CVE-2022-3005
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.