Unknown · Small Crm In Php · CVE-2023-44075
**Name of the Vulnerable Software and Affected Versions**
Small CRM in PHP version 3.0
**Description**
The issue allows a remote attacker to execute arbitrary code via a crafted payload to the `Address` parameter. This enables the attacker to perform Cross Site Scripting attacks.
**Recommendations**
For Small CRM in PHP version 3.0, consider restricting access to the `Address` parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `Address` parameter in sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.