CVE-2022-3004 — Cross-site Scripting in Yetiforcecrm

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 44.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 20

Latest updateSep 21

Description

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶PyPIsaltstack/salt3004 — 3004.1+5

GHSA

YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module↗2022-09-21

▶

OSV

YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module↗2022-09-21

▶

CVEList

Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm↗2022-09-20

▶

GHSA

Salt's PAM auth fails to reject locked accounts↗2022-06-25

▶

GHSA

SaltStack Improper Verification of Cryptographic Signature↗2022-03-30

▶