CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43331
https://notcve.org/view.php?id=CVE-2023-43331
A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Una vulnerabilidad de Cross-Site Scripting (XSS) en la función Agregar Usuario de Small CRM v3.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el campo Nombre. • https://github.com/Kartikhunter/CVE/blob/main/CVE-2023-43331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47073
https://notcve.org/view.php?id=CVE-2022-47073
A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. Existe una vulnerabilidad de cross site scripting (XSS) en Create Ticket page of Small CRM v3.0., permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el parámetro "Asunto". • https://medium.com/%40shiva.infocop/stored-xss-found-in-small-crm-phpgurukul-7890ea3c04df https://packetstormsecurity.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •