Elite CRM · Elite CRM · CVE-2022-40361
**Name of the Vulnerable Software and Affected Versions**
Elite CRM version 1.2.11
**Description**
A cross-site scripting (XSS) issue allows an attacker to execute arbitrary code via the `language` parameter to the "/ngs/login" endpoint.
**Recommendations**
For Elite CRM version 1.2.11, avoid using the `language` parameter in the "/ngs/login" endpoint until a fix is available. Consider restricting access to this endpoint as a temporary mitigation measure.
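
While the endpoint remains exposed, access logs can show whether the `language` parameter is being sent with unexpected content. The following is an added example, not code from the advisory or the vendor: it scans access-log lines for requests to "/ngs/login" whose `language` value is not a plain locale code. The combined log format, the locale-code allowlist, and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate values are short locale codes such as "en" or "pt-BR".
SAFE_LANGUAGE = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})*")
# Client address and request target from a common/combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_language_requests(log_lines):
    """Return (client, decoded value) for /ngs/login hits with a non-locale language."""
    findings = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/") != "/ngs/login":
            continue
        # parse_qs percent-decodes, so encoded markup is checked in decoded form.
        # Only query-string values are visible here; POST bodies are not logged.
        values = parse_qs(url.query, keep_blank_values=True).get("language", [])
        for value in values:
            if not SAFE_LANGUAGE.fullmatch(value):
                findings.append((client, value))
    return findings


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2023:10:00:00 +0000] "GET /ngs/login?language=en HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2023:10:00:05 +0000] "GET /ngs/login?language=en%22%3E%3Cb%3Ex HTTP/1.1" 200 540',
    '198.51.100.9 - - [01/Jan/2023:10:00:09 +0000] "GET /ngs/home?language=%3Cb%3E HTTP/1.1" 200 100',
    '198.51.100.4 - - [01/Jan/2023:10:01:00 +0000] "GET /ngs/login?language=pt-BR HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, value in suspicious_language_requests(SAMPLE_LOG):
        print(f"{client}: language={value!r}")
```

The same allowlist pattern can back a reverse-proxy or WAF rule that rejects non-matching `language` values on this endpoint as part of the temporary mitigation.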