yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the name
attribute in EditViewBlocks.tpl
allowing an attacker to inject and execute malicious JavaScript.
CPE | Name | Operator | Version |
---|---|---|---|
yetiforce/yetiforce-crm | le | 6.4.0 | |
yetiforce/yetiforce-crm | le | 6.4.0 |