Vtiger · Vtiger CRM · CVE-2026-26460
**Name of the Vulnerable Software and Affected Versions**
Vtiger CRM version 8.4.0
**Description**
An HTML injection issue exists in the Dashboard module. The application fails to properly neutralize user-supplied input in the `tabid` parameter of the `DashBoardTab` view (`getTabContents` action), allowing an attacker to inject arbitrary HTML content into the dashboard interface. This content is then rendered in the victim's browser.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
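
As an added example (not part of the original advisory and not Vtiger code), the following Python check scans web-server access logs for requests to the affected view whose `tabid` is not a plain integer, which can serve as monitoring while no fixed version is known. It assumes combined-log-format lines, that the view and action are selected by `view` and `mode`/`action` query parameters, and that legitimate `tabid` values are numeric; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
# Assumption: a legitimate tabid is a short decimal identifier.
NUMERIC_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_tabid(log_line):
    """Return the decoded tabid if the line is a DashBoardTab/getTabContents
    request whose tabid is not a plain integer; otherwise return None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    # parse_qs percent-decodes values, so encoded markup is seen in clear.
    query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
    if "DashBoardTab" not in query.get("view", []):
        return None
    # Assumption: the action name arrives in a `mode` or `action` parameter.
    selectors = query.get("mode", []) + query.get("action", [])
    if "getTabContents" not in selectors:
        return None
    for value in query.get("tabid", []):
        if not NUMERIC_ID_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_tabid) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_tabid(line)) is not None]


# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2026:10:00:00 +0000] "GET /index.php?view=DashBoardTab&mode=getTabContents&tabid=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2026:10:00:07 +0000] "GET /index.php?view=DashBoardTab&mode=getTabContents&tabid=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5188',
    '203.0.113.5 - - [01/Jan/2026:10:00:09 +0000] "GET /index.php?view=List&tabid=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric tabid {value!r}")
```

Access logs record only the query string, so a `tabid` sent in a POST body would need the same check applied at a reverse proxy or WAF that can see request bodies.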