GSA_kwCzR0hTQS12OWZqLWg4ZzYtNHc5cc4AAvLC

Moderate EPSS: 0.0098% (0.75852 Percentile) EPSS:

Permalink JSON

YetiForce CRM vulnerable to stored Cross-site Scripting

Affected Packages	Affected Versions	Fixed Versions
packagist:yetiforce/yetiforce-crm	<= 6.4.0	No known fixed version
0 Dependent packages 0 Dependent repositories 201 Downloads total Affected Version Ranges All affected versions 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0

YetiForce CRM version 6.4.0 and prior is vulnerable to stored cross-site scripting. A patch is available on the developer branch.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-3002
https://github.com/yetiforcecompany/yetiforcecrm/commit/54728becfdad9b6e686bbe336007cba2ce518248
https://huntr.dev/bounties/d213d7ea-fe92-40b2-a1f9-2ba32dec50f5
https://github.com/advisories/GHSA-v9fj-h8g6-4w9q

Identifiers

GHSA-v9fj-h8g6-4w9q

CVE-2022-3002

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.0098

EPSS Percentile: 0.75852

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yetiforcecompany/yetiforcecrm

Date and time

Published

almost 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories