An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0ycWY4LWg3cHIteDJyOM4AAu9d

Severity: Moderate
EPSS: 0.00964% (0.75591 Percentile)

YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module

Affected package: packagist:yetiforce/yetiforce-crm
Affected versions: <= 6.4.0
Fixed versions: No known fixed version
0 Dependent packages
0 Dependent repositories
201 Downloads total

Affected Version Ranges

All affected versions

4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the WidgetsManagement module. A patch is available at commit b716ecea340783b842498425faa029800bd30420.

References: