User6H4Ack

Name of the Vulnerable Software and Affected Versions: Internet Web Solutions Sublime CRM up to 20250207 Description: A problematic vulnerability was found in the HTTP POST Request Handler component of Internet Web Solutions Sublime CRM, affecting an unknown function of the file /crm/inicio.php. The manipulation of the `msg to` argument leads to cross-site scripting. It is possible to launch the attack remotely, and other parameters might be affected as well. The vendor was contacted about this disclosure but did not respond. Recommendations: For Internet Web Solutions Sublime CRM up to 20250207, as a temporary workaround, consider restricting access to the `msg to` argument in the HTTP POST Request Handler to minimize the risk of exploitation. Avoid using the `msg to` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.