
CVE-2019-10226

Published: 10/06/2019 Updated: 11/04/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is an XSS protection mechanism.

Vulnerable Product

fatfreecrm fat free crm 0.19.0

Exploits

# Exploit Title: Fat Free CRM v0.19.0 - HTML Injection
# Date: 2019-03-20
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: www.fatfreecrm.com/
# Source Code : github.com/fatfreecrm
# Software : Fat Free CRM
# Product Version: v0.19.0
# Vulnerability Type : Code Injection
# Vulnerability : HTML Injection
# CVE : CVE-2019-10226 ...

Fat Free CRM version 0.19.0 suffers from an HTML injection vulnerability ...