An issue exists in EspoCRM prior to 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
espocrm espocrm |