Description

EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.

Remediation

References

CVE-2021-3539

Related Vulnerabilities

WordPress Plugin Google Shortlink by BestWebSoft Cross-Site Scripting (1.5.2)

WordPress Plugin MapifyLite (by MapifyPro) Cross-Site Scripting (3.3)

WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4)

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)

phpBB CVE-2008-4125 Vulnerability (CVE-2008-4125)

Severity

Medium

Classification

CVE-2021-3539 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities