CVE-2018-1000842

FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fatfreecrm:fatfreecrm:*:*:*:*:*:ruby:*:*
cpe:2.3:a:fatfreecrm:fatfreecrm:*:*:*:*:*:ruby:*:*
cpe:2.3:a:fatfreecrm:fatfreecrm:*:*:*:*:*:ruby:*:*
cpe:2.3:a:fatfreecrm:fatfreecrm:*:*:*:*:*:ruby:*:*
cpe:2.3:a:fatfreecrm:fatfreecrm:0.18.0:*:*:*:*:ruby:*:*

History

07 Nov 2023, 02:51

Type Values Removed Values Added
References
  • {'url': 'https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc', 'name': 'https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://groups.google.com/forum/#%21topic/fat-free-crm-users/TxsdZXSe7Jc -

Information

Published : 2018-12-20 15:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-1000842

Mitre link : CVE-2018-1000842

CVE.ORG link : CVE-2018-1000842


JSON object : View

Products Affected

fatfreecrm

  • fatfreecrm
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')