PT-2018-9566 · Fat Free Crm · Fat Free Crm

Antonin Steinhauser

Publicado

2018-12-20

Atualizado

2021-09-09

CVE-2018-1000842

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions FatFreeCRM versions <=0.14.1 FatFreeCRM versions 0.15.0 through 0.15.1 FatFreeCRM versions 0.16.0 through 0.16.3 FatFreeCRM versions 0.17.0 through 0.17.2 FatFreeCRM version 0.18.0

Description The issue is a Cross Site Scripting (XSS) vulnerability that can result in Javascript execution. This attack appears to be exploitable via content with a Javascript payload that will be executed on end-user browsers when they visit the page.

Recommendations For FatFreeCRM versions <=0.14.1, update to version 0.14.2 or later. For FatFreeCRM versions 0.15.0 through 0.15.1, update to version 0.15.2 or later. For FatFreeCRM versions 0.16.0 through 0.16.3, update to version 0.16.4 or later. For FatFreeCRM versions 0.17.0 through 0.17.2, update to version 0.17.3 or later. For FatFreeCRM version 0.18.0, update to version 0.18.1 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-1000842

GHSA-J5RJ-G695-342R

Produtos afetados

Fat Free Crm

PT-2018-9566 · Fat Free Crm · Fat Free Crm

CVE-2018-1000842

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10