GSA_kwCzR0hTQS1md2g3LXY0Z2YteHY3d80ciw

Moderate EPSS: 0.00147% (0.3621 Percentile) EPSS:

Permalink JSON

yetiforcecrm is vulnerable to Cross-site Scripting

Affected Packages	Affected Versions	Fixed Versions
packagist:yetiforce/yetiforce-crm	<= 6.3.0	No known fixed version
0 Dependent packages 0 Dependent repositories 201 Downloads total Affected Version Ranges All affected versions 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0

yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-4116
https://github.com/yetiforcecompany/yetiforcecrm/commit/9cdb012ca64ff1f719f8120d5fd162cd5ef1013f
https://huntr.dev/bounties/7561bae7-9053-4dc8-aa59-b71acfb1712c
https://github.com/advisories/GHSA-fwh7-v4gf-xv7w

Identifiers

GHSA-fwh7-v4gf-xv7w

CVE-2021-4116

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00147

EPSS Percentile: 0.3621

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yetiforcecompany/yetiforcecrm

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories