Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-jr37-66pj-36v7

Опубликовано: 08 янв. 2022
Источник: github
Github: Прошло ревью
CVSS3: 5.4

Описание

Cross-site Scripting in DayByDay CRM

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.

Ссылки

Пакеты

Наименование

bottelet/flarepoint

composer
Затронутые версииВерсия исправления

< 2.2.1

2.2.1

EPSS

Процентиль: 43%
0.00206
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-22109

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2022-22109

CVSS3: 5.4
nvd
около 4 лет назад

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.

EPSS

Процентиль: 43%
0.00206
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2022-22109

Дефекты

CWE-79