CVE-2018-1000842

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000842
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000842.json
Aliases
Published
2018-12-20T15:29:01Z
Modified
2023-11-29T06:24:09.315670Z
Details

FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2.

References

Affected packages

Git / github.com/fatfreecrm/fat_free_crm

Affected ranges

Type
GIT
Repo
https://github.com/fatfreecrm/fat_free_crm
Events
Last affected
3eef2ed07c6de4f4d0694f4af76bfab7c6dff6cb
Introduced
8c4a83fe17bcdc2a2bd0aa2112fc4da5688cdc73
Last affected
08798da5650c9854e55f6f03f151643044927f4e
Introduced
06336b3e7ba2f6844daff1b50ae8cf6c7379aee7
Last affected
27f9055622d10173dbb41ddb4bf32a4dfc45b6d4
Introduced
628bfb0803af868e84980c01ebebaa062e5d43ad
Last affected
cbeacad75aa8b04494bb509b56e234a2b2168833
Last affected
38a7f854790b4d38d1b37bb741c6457f1dd49543

Affected versions

v0.*

v0.15.0
v0.15.1
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.17.0
v0.17.1
v0.17.2
v0.18.0