GSA_kwCzR0hTQS1ycDQyLWM0NWotZzQ2eM0bdg

Moderate EPSS: 0.00328% (0.55058 Percentile) EPSS:

Permalink JSON

yetiforcecrm is vulnerable to Cross-site Scripting

Affected Packages	Affected Versions	Fixed Versions
packagist:yetiforce/yetiforce-crm	<= 6.3.0	No known fixed version
0 Dependent packages 0 Dependent repositories 201 Downloads total Affected Version Ranges All affected versions 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0

yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-4107
https://github.com/yetiforcecompany/yetiforcecrm/commit/a062d3d5fecb000db207a2ad8a446db97ad96b89
https://huntr.dev/bounties/1d124520-cf29-4539-a0f3-6d041af7b5a8
https://github.com/advisories/GHSA-rp42-c45j-g46x

Identifiers

GHSA-rp42-c45j-g46x

CVE-2021-4107

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00328

EPSS Percentile: 0.55058

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yetiforcecompany/yetiforcecrm

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories