EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
espocrm espocrm |