CVE-2017-15039

Name of the Vulnerable Software and Affected Versions Zurmo version 3.2.1.57987acc3018

Description A cross-site scripting issue exists due to the improper handling of a data: URL in the redirectUrl parameter to "app/index.php/meetings/default/createMeeting" API endpoint. This allows for potential exploitation.

Recommendations For Zurmo version 3.2.1.57987acc3018, avoid using the redirectUrl parameter with data: URLs in the "app/index.php/meetings/default/createMeeting" endpoint until a fix is available. Consider restricting access to this endpoint to minimize the risk of exploitation.