PT-2021-11761 · Unknown · Group Office Crm

Published

2021-04-14

Updated

2021-04-19

CVE-2020-35418

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Group Office CRM version 6.4.196

Description: The issue is related to Cross Site Scripting (XSS) in the contact page of Group Office CRM. This occurs when a crafted svg file is uploaded.

Recommendations: For version 6.4.196, consider disabling the contact page's file upload feature until a fix is available. Restrict access to the contact page to minimize the risk of exploitation. Avoid using the contact page for uploading files until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-35418

Affected Products

Group Office Crm

PT-2021-11761 · Unknown · Group Office Crm

CVE-2020-35418

Weakness Enumeration

Related Identifiers

Affected Products

References · 4