Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM prior to 0.13.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action.
Vulnerable Product |
---|
fatfreecrm fat free crm 0.11.1 |
fatfreecrm fat free crm 0.11.4 |
fatfreecrm fat free crm 0.12.0 |
fatfreecrm fat free crm 0.12.1 |
fatfreecrm fat free crm |
fatfreecrm fat free crm 0.11.2 |