YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the LayoutEditor
module. A patch is available at commit eebc12601495ada38495076bec12841b2477516b.
GSA_kwCzR0hTQS1tcWg5LTVqcDktNjc5Oc4AAu9i
YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module
Affected Packages | Affected Versions | Fixed Versions | |
---|---|---|---|
packagist:yetiforce/yetiforce-crm | <= 6.4.0 | No known fixed version | |
Affected Version RangesAll affected versions4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0 |