PT-2018-9566 · Fat Free Crm · Fat Free Crm

Antonin Steinhauser

Published

2018-12-20

Updated

2021-09-09

CVE-2018-1000842

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions FatFreeCRM versions <=0.14.1 FatFreeCRM versions 0.15.0 through 0.15.1 FatFreeCRM versions 0.16.0 through 0.16.3 FatFreeCRM versions 0.17.0 through 0.17.2 FatFreeCRM version 0.18.0

Description The issue is a Cross Site Scripting (XSS) vulnerability that can result in Javascript execution. This attack appears to be exploitable via content with a Javascript payload that will be executed on end-user browsers when they visit the page.

Recommendations For FatFreeCRM versions <=0.14.1, update to version 0.14.2 or later. For FatFreeCRM versions 0.15.0 through 0.15.1, update to version 0.15.2 or later. For FatFreeCRM versions 0.16.0 through 0.16.3, update to version 0.16.4 or later. For FatFreeCRM versions 0.17.0 through 0.17.2, update to version 0.17.3 or later. For FatFreeCRM version 0.18.0, update to version 0.18.1 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-1000842

GHSA-J5RJ-G695-342R

Affected Products

Fat Free Crm

PT-2018-9566 · Fat Free Crm · Fat Free Crm

CVE-2018-1000842

Weakness Enumeration

Related Identifiers

Affected Products

References · 10