Headline
GHSA-2qf8-h7pr-x2r8: YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the WidgetsManagement module. A patch is available at commit b716ecea340783b842498425faa029800bd30420.
YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module
Moderate severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022
Related news
CVE-2022-2924: Improved data display on some widgets · YetiForceCompany/YetiForceCRM@b716ece
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.