Kartik

**Name of the Vulnerable Software and Affected Versions** Small CRM version 3.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability in the Company field of the "Request a Quote" section. This allows an attacker to store and execute malicious javascript code in the Admin panel, potentially leading to Admin account takeover. **Recommendations** For Small CRM version 3.0, consider disabling the "Request a Quote" section or restricting access to the Company field until a patch is available to prevent the execution of malicious javascript code. Additionally, monitor Admin panel activity closely for signs of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.