WEB APPLICATION VULNERABILITIES Standard & Premium

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17301)

Description

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.

Remediation

References

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-2645)

PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2311)

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Cross-Site Scripting (4.2.7)

WordPress Plugin WP HTML Author Bio Cross-Site Scripting (1.2.0)

WordPress Plugin Photo Gallery-Image Gallery by Ape Cross-Site Scripting (1.6.14)

Severity

Medium

Classification

CVE-2018-17301 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities