CodeCanyon CRMGo SaaS 7.2 Stored XSS Vulnerability (#410565)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability ID: #410565 2. Vulnerability Title: CodeCanyon CRMGo SaaS 7.2 Stored Cross-Site Scripting (XSS) Vulnerabilities 3. Vulnerability Description: - Vulnerability Summary: Two critical stored Cross-Site Scripting (XSS) vulnerabilities have been identified in CRMGo SaaS version 7.2. - Vulnerability Details: These vulnerabilities occur at two distinct endpoints: (Notes field within the Deals module) and (Comments section in Project Tasks). A low-privileged authenticated attacker can inject malicious JavaScript into user-generated content (notes and comments), which is then stored and executed when other users, including administrators, view the affected pages. Successful exploitation allows attackers to steal sensitive data, impersonate users, and deploy phishing or malware attacks. 4. Affected Endpoints: - – Notes field in the Deals module. - – Comments section in Project Tasks. 5. Severity: High 6. Impact: - Phishing and malware deployment. - User impersonation via session hijacking. - Data leakage and potential full account compromise. 7. Reproduction Steps: - Step 1: Stored XSS 1 - Navigate to - View a deal, then input the payload in the Notes field, save the note, and click the “Add” button. This information provides a detailed description of the vulnerability, including its nature, affected endpoints, severity, and steps to reproduce.

Goal Reached Thanks to every supporter — we hit 100%!

CodeCanyon CRMGo SaaS 7.2 Stored XSS Vulnerability (#410565)