CVE-2022-2924

Name of the Vulnerable Software and Affected Versions YetiForce CRM versions prior to 6.3 YetiForce CRM versions 6.4.0 and prior

Description The issue is related to Cross-site Scripting (XSS) - Stored, which affects the GitHub repository yetiforcecompany/yetiforcecrm. The WidgetsManagement module is vulnerable to cross-site scripting.

Recommendations For versions prior to 6.3, update to version 6.3 or later. For version 6.4.0, apply the patch available at commit b716ecea340783b842498425faa029800bd30420. As a temporary workaround, consider disabling the WidgetsManagement module until a patch is available.