GHSA-wcfx-3m6v-4frg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wcfx-3m6v-4frg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wcfx-3m6v-4frg/GHSA-wcfx-3m6v-4frg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wcfx-3m6v-4frg
- Aliases
-
- CVE-2014-5441
- Published
- 2022-05-17T04:35:23Z
- Modified
- 2024-12-03T06:04:56.546820Z
- Summary
- Fat Free CRM subject to Cross-site Scripting
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in
app/views/layouts/application.html.hamlin Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action. - Database specific
{ "nvd_published_at": "2014-09-12T14:55:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-01-23T14:45:13Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-5441
- https://github.com/fatfreecrm/fat_free_crm/commit/95464495f1e3e714d5c295fe621af5d2e0d4238d
- https://github.com/fatfreecrm/fat_free_crm
- https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-vulnerability-%2826th-August-2014%29
- http://packetstormsecurity.com/files/127978/Fatt-Free-CRM-Cross-Site-Scripting.html
Affected packages
RubyGems / fat_free_crm
Package
- Name
- fat_free_crm
- Purl
- pkg:gem/fat_free_crm