CVE-2015-5365

Name of the Vulnerable Software and Affected Versions Zurmo CRM version 3.0.2

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the What's going on? profile field. This could potentially lead to unauthorized actions on the affected system.

Recommendations For Zurmo CRM version 3.0.2, consider restricting access to the What's going on? profile field until a patch is available to prevent exploitation of this issue. As a temporary workaround, disabling the ability to input HTML in this field may help mitigate the risk.