CVE-2022-3000

Name of the Vulnerable Software and Affected Versions YetiForce CRM versions prior to 6.4.0

Description The issue is related to Cross-site Scripting (XSS) - Stored, which affects the GitHub repository yetiforcecompany/yetiforcecrm. The LayoutEditor module is specifically vulnerable to cross-site scripting.

Recommendations For versions prior to 6.4.0, update to version 6.4.0 or later, as a patch is available at commit eebc12601495ada38495076bec12841b2477516b. As a temporary workaround, consider disabling the LayoutEditor module until the patch is applied.