CVE-2022-38845

Published: Sep 16, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScripting in the browser.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-cross-site-scripting-e3e6c708df18

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-38845

Description

Affected Products

References