VOOZH about

URL: https://github.com/advisories/GHSA-jr37-66pj-36v7

⇱ Cross-site Scripting in DayByDay CRM · CVE-2022-22109 · GitHub Advisory Database · GitHub

Skip to content

Cross-site Scripting in DayByDay CRM

Moderate severity GitHub Reviewed Published to the GitHub Advisory Database • Updated

Package

bottelet/flarepoint (Composer)

Affected versions

< 2.2.1

Patched versions

2.2.1

Description

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.

References

Reviewed
Published to the GitHub Advisory Database
Last updated

Severity

Moderate
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS score

(41st percentile)

Weaknesses

CVE ID

CVE-2022-22109

GHSA ID

GHSA-jr37-66pj-36v7

Source code

See something to contribute? Suggest improvements for this vulnerability.
You can’t perform that action at this time.