QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1000842

Published: Dec 20, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/asteinhauser/fat_free_crm/issues/1

x_refsource_MISC

https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa

x_refsource_MISC

https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29

x_refsource_MISC

https://groups.google.com/forum/#%21topic/fat-free-crm-users/TxsdZXSe7Jc

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.