Fat Free CRM Cross-site Scripting vulnerability
Published: May 24, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2019-10226 (NVD)
- GHSA: GHSA-gmg5-r3c4-3fm9
- Vendor Advisory: http://packetstormsecurity.com/files/152263/Fat-Free-CRM-0.19.0-HTML-Injection.html
GEM
SEVERITY
CVSS v3.x: 5.4 (Medium)
PATCHED VERSIONS
None available.
DESCRIPTION
An HTML injection vulnerability has been discovered in Fat Free CRM v0.19.0, reachable via an authenticated request to the /comments URI.
