GSA_kwCzR0hTQS13ODNtLXJnaGgtZnJ4as4AAuYe

Moderate EPSS: 0.00095% (0.27495 Percentile) EPSS:

Permalink JSON

Cross site scripting in yetiforce/yetiforce-crm

Affected Packages	Affected Versions	Fixed Versions
packagist:yetiforce/yetiforce-crm	< 6.4.0	6.4.0
0 Dependent packages 0 Dependent repositories 201 Downloads total Affected Version Ranges All affected versions 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0 All unaffected versions 6.4.0, 6.5.0, 7.0.0

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-1340
https://github.com/yetiforcecompany/yetiforcecrm/commit/2c14baaf8dbc7fd82d5c585f2fa0c23528450618
https://huntr.dev/bounties/4746f149-fc55-48a1-a7ab-fd7c7412c05a
https://github.com/advisories/GHSA-w83m-rghh-frxj

Identifiers

GHSA-w83m-rghh-frxj

CVE-2022-1340

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00095

EPSS Percentile: 0.27495

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yetiforcecompany/yetiforcecrm

Date and time

Published

almost 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories