Description
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists in Create User because user-supplied data is not filtered. An attacker can set the firstName and lastName fields to contain JavaScript code.
Remediation
References