Steinhause

**Name of the Vulnerable Software and Affected Versions** Fat Free CRM versions prior to 0.18.1 **Description** The issue is related to a Cross-Site Scripting (XSS) flaw in the `tags helper` located in `app/helpers/tags helper.rb`. This allows for potential malicious script injection. **Recommendations** For versions prior to 0.18.1, update to version 0.18.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `tags helper` function in `app/helpers/tags helper.rb` until the update is applied.

**Name of the Vulnerable Software and Affected Versions** FatFreeCRM versions <=0.14.1 FatFreeCRM versions 0.15.0 through 0.15.1 FatFreeCRM versions 0.16.0 through 0.16.3 FatFreeCRM versions 0.17.0 through 0.17.2 FatFreeCRM version 0.18.0 **Description** The issue is a Cross Site Scripting (XSS) vulnerability that can result in Javascript execution. This attack appears to be exploitable via content with a Javascript payload that will be executed on end-user browsers when they visit the page. **Recommendations** For FatFreeCRM versions <=0.14.1, update to version 0.14.2 or later. For FatFreeCRM versions 0.15.0 through 0.15.1, update to version 0.15.2 or later. For FatFreeCRM versions 0.16.0 through 0.16.3, update to version 0.16.4 or later. For FatFreeCRM versions 0.17.0 through 0.17.2, update to version 0.17.3 or later. For FatFreeCRM version 0.18.0, update to version 0.18.1 or later.