CVE-2022-1411

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1411

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1411.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-1411

Aliases

GHSA-pqr6-3j58-9w58

Published

2022-05-05T11:15:08Z

Modified

2025-07-02T00:15:53.120753Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.

References

Affected packages

Git / github.com/yetiforcecompany/yetiforcecrm

Affected ranges

Type: GIT
Repo: https://github.com/yetiforcecompany/yetiforcecrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bf69c427260011ffca42f7b6935bb54080c54124

Affected versions

1.*

1.1.0

1.2.0

1.3.0

1.4.0

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.3.16

2.3.49

3.*

3.0.0

3.1.0

3.2.0

3.3.0

3.4.0

4.*

4.0.0

4.1.0

4.2.0

4.3.0

4.4.0

4.4.0_RC1

4.4.0_RC2

4.4.0_RC3

4.4.0_RC_2

5.*

5.0.0

5.1.0

5.2.0

5.3.0

6.*

6.0.0

6.0.0a

6.2.0

6.3.0