Description

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.

Remediation

References

CVE-2018-17301

Related Vulnerabilities

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9933)

Python Numeric Errors Vulnerability (CVE-2014-7185)

WordPress Plugin WordPress Meta Data and Taxonomies Filter (MDTF) PHP Object Injection (1.2.2)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10681)

WebLogic CVE-2023-21996 Vulnerability (CVE-2023-21996)

Severity

Medium

Classification

CVE-2018-17301 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities