CVE-2026-5370

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions krayin laravel-crm versions up to 2.2

Description A cross-site scripting issue was identified in the composeMail function within the packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts file of the Activities Module/Notes Module. This manipulation can be exploited remotely, and a public exploit is available.

Recommendations Deploy patch 73ed28d466bf14787fdb86a120c656a4af270153.

Exploit

Fix

Code Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2026-5370

GHSA-9M2V-HC5G-5JPV

Affected Products

Activities Module

Notes Module

Laravel-Crm

CVE-2026-5370

Weakness Enumeration

Related Identifiers

Affected Products

References · 10