Description
Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Arbitrary File Upload (1.9.12)
Dolibarr Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-1010054)
OpenVPN AS Insertion of Sensitive Information into Log File Vulnerability (CVE-2022-33737)
WordPress 'index.php' Cross-Site Scripting Vulnerability (1.5)