Description

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.

Remediation

References

CVE-2018-17301

Related Vulnerabilities

WordPress Plugin IGIT Posts Slider Widget TimThumb Arbitrary File Upload (1.1)

WordPress Plugin Appointment Scheduling for Zoom GoogleMeet and more-Wappointment Cross-Site Scripting (2.2.4)

WordPress Improper Restriction of XML External Entity Reference Vulnerability (CVE-2021-29447)

Oracle Application Server CVE-2007-5519 Vulnerability (CVE-2007-5519)

WordPress Plugin Woocommerce Product Designer Arbitrary File Upload (3.0.3)

Severity

Medium

Classification

CVE-2018-17301 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities