Security Advisory – Multiple Cross Site Scripting Vulnerabilities in EspoCRM

Product: EspoCRM
Vendor: Letrium LTD/Open source software
Version: 4.5.0, possibly earlier
Category: Cross Site Scripting
Vendor notified: 2017-03-24
Patched: 2017-04-03
Disclosed: 2017-04-22
Researcher: Carl Pearson

Summary

Multiple persistent cross site scripting (XSS) vulnerabilities exist in EspoCRM v4.5.0, in the Knowledge Base article body text field, Accounts billing and shipping address…