Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page.
References
Link | Resource |
---|---|
https://github.com/espocrm/espocrm/issues/1349 | Exploit Third Party Advisory |
https://github.com/espocrm/espocrm/milestone/64?closed=1 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-18T02:17:12
Updated: 2019-07-18T02:17:12
Reserved: 2019-07-17T00:00:00
Link: CVE-2019-13643
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-18T03:15:10.137
Modified: 2019-07-23T16:43:02.673
Link: CVE-2019-13643
JSON object: View
Redhat Information
No data.
CWE