An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1tcWg5LTVqcDktNjc5Oc4AAu9i

Severity: Moderate
EPSS: 0.00075% (0.23364 Percentile)

YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module

Affected package: packagist:yetiforce/yetiforce-crm
Affected versions: <= 6.4.0
Fixed versions: No known fixed version
0 Dependent packages
0 Dependent repositories
201 Downloads total

Affected Version Ranges

All affected versions

4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the LayoutEditor module. A patch is available at commit eebc12601495ada38495076bec12841b2477516b.
