Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fat Free CRM 跨站脚本漏洞
Vulnerability Description
Fat Free CRM是一套开源的基于Ruby on Rails的客户关系管理平台。该平台包含团队协作、客户管理、联系人列表、客户跟踪等模块。 Fat Free CRM 0.13.3之前版本的app/views/layouts/application.html.haml文件中存在跨站脚本漏洞。远程攻击者可通过create或edit user操作中的‘username’、‘first name’或‘last name’参数利用该漏洞注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A