Lucene search
Veracode Vulnerability DatabaseVERACODE:37437HistoryOct 07, 2022 - 6:20 a.m.
Cross-site Scripting (XSS)
2022-10-0706:20:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
cross-site scripting
yetiforce-crm
editviewblocks.tpl
vulnerability
javascript
0.001 Low
EPSS
Percentile
21.6%
yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the name attribute in EditViewBlocks.tpl allowing an attacker to inject and execute malicious JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| yetiforce/yetiforce-crm | le | 6.4.0 | |
| yetiforce/yetiforce-crm | le | 6.4.0 |
Related
huntr
huntr
Persistent Cross Site Scripting - BusinessHours Module - Settings
2022-08-19 17:57:00
nvd
nvd
CVE-2022-3002
2022-10-06 18:16:19
cvelist
cvelist
prion
prion
Cross site scripting
2022-10-06 18:16:00
cnvd
cnvd
YetiForceCrm Cross-Site Scripting Vulnerability (CNVD-2022-69154)
2022-10-10 00:00:00
osv
osv
YetiForce CRM vulnerable to stored Cross-site Scripting
2022-10-06 18:52:03
CVE-2022-3002
2022-10-06 18:16:19
github
github
YetiForce CRM vulnerable to stored Cross-site Scripting
2022-10-06 18:52:03
cve
cve
CVE-2022-3002
2022-10-06 18:16:19