EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: rapid7

Published: 2021-07-27T00:00:00

Updated: 2021-08-04T22:20:47

Reserved: 2021-05-06T00:00:00


Link: CVE-2021-3539

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-08-04T23:15:08.383

Modified: 2021-08-11T19:56:12.100


Link: CVE-2021-3539

JSON object: View

cve-icon Redhat Information

No data.

CWE