Description
An issue was discovered in EspoCRM before 5.6.6. Create Task is vulnerable to stored XSS because user-supplied data is not filtered. An attacker can modify the parameter name to contain JavaScript code.
Remediation
References
Related Vulnerabilities
WordPress Plugin Random Banner Cross-Site Scripting (4.1.4)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)
WordPress Plugin Analytics Remote Code Execution (1.7)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46816)
phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-6629)