Description

Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.

Remediation

References

CVE-2014-7987

Related Vulnerabilities

Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13897)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6472)

Piwigo Improper Access Control Vulnerability (CVE-2016-10514)

WordPress Plugin Elements For Elementor Local File Inclusion (2.1)

WordPress Plugin WP-Polls Cross-Site Scripting (2.60)

Severity

Medium

Classification

CVE-2014-7987 CWE-707

Tags

Missing Update Known Vulnerabilities