EPSS percentile: 30.0%
yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation before uploading files in Fields.php, allowing an attacker to upload malicious files.
github.com/advisories/GHSA-pqr6-3j58-9w58
github.com/yetiforcecompany/yetiforcecrm/commit/bf69c427260011ffca42f7b6935bb54080c54124
huntr.dev/bounties/75c7cf09-d118-4f91-9686-22b142772529