CVE-2026-26460

Name of the Vulnerable Software and Affected Versions Vtiger CRM version 8.4.0

Description An HTML Injection issue exists in the Dashboard module. The application fails to properly neutralize user-supplied input in the tabid parameter of the 'DashBoardTab' view ('getTabContents' action), allowing an attacker to inject arbitrary HTML content into the dashboard interface. This content is then rendered in the victim's browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.