CVE-2022-22112

Name of the Vulnerable Software and Affected Versions DayByDay CRM versions 1.1 through 2.2.1

Description The issue is related to an application-wide Client-Side Template Injection (CSTI) that allows a low-privileged attacker to input template injection payloads in various locations within the application. This enables the execution of JavaScript on the client's browser.

Recommendations For DayByDay CRM versions 1.1 through 2.2.1, consider restricting user input in areas where template injection payloads can be executed until a patch is available. As a temporary workaround, limit the ability to input JavaScript code in the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.