Description

Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.

Remediation

References

CVE-2014-7987

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery Arbitrary File Upload (1.9.12)

Apache HTTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-3303)

Dolibarr Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-1010054)

OpenVPN AS Insertion of Sensitive Information into Log File Vulnerability (CVE-2022-33737)

WordPress 'index.php' Cross-Site Scripting Vulnerability (1.5)

Severity

Medium

Classification

CVE-2014-7987 CWE-707

Tags

Missing Update Known Vulnerabilities