CVE-2023-45394

Name of the Vulnerable Software and Affected Versions Small CRM version 3.0

Description The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability in the Company field of the "Request a Quote" section. This allows an attacker to store and execute malicious javascript code in the Admin panel, potentially leading to Admin account takeover.

Recommendations For Small CRM version 3.0, consider disabling the "Request a Quote" section or restricting access to the Company field until a patch is available to prevent the execution of malicious javascript code. Additionally, monitor Admin panel activity closely for signs of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.