YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the SlaPolicy
module. A patch is available at commit e55886781509fe39951fc7528347696474a17884.
GSA_kwCzR0hTQS12eDN4LWh3cGgtZ3J2d84AAu9f
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
Affected Packages | Affected Versions | Fixed Versions | |
---|---|---|---|
packagist:yetiforce/yetiforce-crm | <= 6.4.0 | No known fixed version | |
Affected Version RangesAll affected versions4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0 |