An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to a lack of filtering of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code.
References
| Link | Resource |
|---|---|
| http://www.cinquino.eu/EspoCRM.htm | Exploit, Third Party Advisory |
| https://github.com/espocrm/espocrm/commit/4ab7d19776011288b875abd3eef1e1f6f75289e2 | Patch, Third Party Advisory |
| https://github.com/espocrm/espocrm/compare/5.6.5...5.6.6 | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-28T13:46:07
Updated: 2019-07-28T13:46:07
Reserved: 2019-07-28T00:00:00
Link: CVE-2019-14329
NVD Information
Status: Analyzed
Published: 2019-07-28T14:15:10.837
Modified: 2019-07-30T14:03:54.927
Link: CVE-2019-14329