GHSA-jr37-66pj-36v7, CVE-2022-22109
packagist/bottelet/flarepoint
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.
All versions before 2.2.1
Upgrade to version 2.2.1 or above.
2022-01-11
source |