Описание
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estimate_request'.
Уязвимые конфигурации
Конфигурация 1Версия до 3.9 (исключая)
cpe:2.3:a:fairsketch:rise_ultimate_project_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00039
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
3 месяца назад
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estimate_request'.
EPSS
Процентиль: 11%
0.00039
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79