An issue exists in EspoCRM prior to 5.6.6. Stored XSS exists in Create Case because user-supplied data is not filtered. An attacker can modify firstName and lastName to contain JavaScript code.
Vulnerable Product |
---|
espocrm espocrm |