Cross-site Scripting (XSS)

2022-05-0606:23:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

yetiforce-crm

file upload

EPSS

0.001

Percentile

30.0%

JSON

yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation before uploading files in Fields.php, allowing an attacker to upload malicious files.

References

github.com/advisories/GHSA-pqr6-3j58-9w58

github.com/yetiforcecompany/yetiforcecrm/commit/bf69c427260011ffca42f7b6935bb54080c54124

huntr.dev/bounties/75c7cf09-d118-4f91-9686-22b142772529

huntr.dev/bounties/75c7cf09-d118-4f91-9686-22b142772529/

EPSS

0.001

Percentile

30.0%

JSON

Related for VERACODE:35404