CVE-2022-2890

Name of the Vulnerable Software and Affected Versions yetiforcecrm versions prior to 6.4.0

Description The issue is related to a Cross-site Scripting (XSS) - Stored vulnerability in the YetiFroce CRM system, which is caused by the lack of protection measures for the web page structure. This allows a remote attacker to perform cross-site scripting attacks.

Recommendations For versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the web application to minimize the risk of exploitation.