FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:51
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-12-20 15:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-1000842
Mitre link : CVE-2018-1000842
CVE.ORG link : CVE-2018-1000842
JSON object : View
Products Affected
fatfreecrm
- fatfreecrm
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')