Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS12eDN4LWh3cGgtZ3J2d84AAu9f

Moderate EPSS: 0.00111% (0.30459 Percentile) EPSS:
Permalink JSON

YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module

Affected Packages Affected Versions Fixed Versions
packagist:yetiforce/yetiforce-crm <= 6.4.0 No known fixed version
0 Dependent packages
0 Dependent repositories
201 Downloads total

Affected Version Ranges

All affected versions

4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the SlaPolicy module. A patch is available at commit e55886781509fe39951fc7528347696474a17884.

References:

Identifiers

GHSA-vx3x-hwph-grvw

CVE-2022-3005

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00111

EPSS Percentile: 0.30459

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yetiforcecompany/yetiforcecrm

Date and time

Published

almost 3 years ago

Updated

over 2 years ago

API

JSON