Page 2 of 7 results (0.012 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Una vulnerabilidad de Cross-Site Scripting (XSS) en la función Agregar Usuario de Small CRM v3.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el campo Nombre. • https://github.com/Kartikhunter/CVE/blob/main/CVE-2023-43331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. Existe una vulnerabilidad de cross site scripting (XSS) en Create Ticket page of Small CRM v3.0., permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el parámetro "Asunto". • https://medium.com/%40shiva.infocop/stored-xss-found-in-small-crm-phpgurukul-7890ea3c04df https://packetstormsecurity.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •