WEB APPLICATION VULNERABILITIES Standard & Premium

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17301)

Description

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.

Remediation

References

Related Vulnerabilities

WebLogic CVE-2019-2568 Vulnerability (CVE-2019-2568)

WordPress Plugin Responsive Filterable Portfolio Unspecified Vulnerability (1.0.8)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-48007)

WordPress Plugin WP Database Backup Unspecified Vulnerability (4.1)

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-4094)

Severity

Medium

Classification

CVE-2018-17301 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities