Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1tcWg5LTVqcDktNjc5Oc4AAu9i

Moderate EPSS: 0.00075% (0.23364 Percentile) EPSS:
Permalink JSON

YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module

Affected Packages Affected Versions Fixed Versions
packagist:yetiforce/yetiforce-crm <= 6.4.0 No known fixed version
0 Dependent packages
0 Dependent repositories
201 Downloads total

Affected Version Ranges

All affected versions

4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the LayoutEditor module. A patch is available at commit eebc12601495ada38495076bec12841b2477516b.

References:

Identifiers

GHSA-mqh9-5jp9-6799

CVE-2022-3000

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00075

EPSS Percentile: 0.23364

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yetiforcecompany/yetiforcecrm

Date and time

Published

almost 3 years ago

Updated

over 2 years ago

API

JSON