An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS12eDN4LWh3cGgtZ3J2d84AAu9f

Moderate EPSS: 0.00111% (0.30459 Percentile) EPSS:

YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module

Affected Packages Affected Versions Fixed Versions
packagist:yetiforce/yetiforce-crm <= 6.4.0 No known fixed version
0 Dependent packages
0 Dependent repositories
201 Downloads total

Affected Version Ranges

All affected versions

4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the SlaPolicy module. A patch is available at commit e55886781509fe39951fc7528347696474a17884.

References: