Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-09-12T14:00:00
Updated: 2024-08-06T11:41:49.310Z
Reserved: 2014-08-22T00:00:00
Link: CVE-2014-5441
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-09-12T14:55:07.470
Modified: 2014-09-16T18:49:13.530
Link: CVE-2014-5441
Redhat
No data.