Haythem Arfaoui

**Name of the Vulnerable Software and Affected Versions** Elaine's Realtime CRM Automation version 6.18.17 **Description** A reflected cross-site scripting (XSS) issue allows attackers to execute arbitrary JavaScript code in a user's web browser by injecting a crafted payload into the `dialog` parameter at "wrapper dialog.php". **Recommendations** For Elaine's Realtime CRM Automation version 6.18.17, consider disabling access to the "wrapper dialog.php" endpoint until a patch is available to prevent exploitation of the reflected XSS issue. Restrict input to the `dialog` parameter to minimize the risk of arbitrary JavaScript code execution. At the moment, there is no information about a newer version that contains a fix for this issue.