Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScripting in the browser.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EspoCRM 跨站脚本漏洞
Vulnerability Description
EspoCRM是一套开源的基于Web的客户关系管理系统(CRM)。该系统提供销售自动化、社区和客户支持等功能。 EspoCRM 7.1.8版本存在安全漏洞,该漏洞源于导入功能含有跨站脚本,允许远程用户通过向经过身份验证的用户发送包含恶意JavaScript的精心制作的csv文件,在受害者的浏览器中运行恶意 JavaScript。经过身份验证的用户在导入精心制作的CSV文件时,都可能在浏览器中运行恶意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A