CVE-2022-22109

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/bottelet/flarepoint

Identifiers

GHSA-jr37-66pj-36v7, CVE-2022-22109

Package Slug

packagist/bottelet/flarepoint

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.

Affected Versions

All versions before 2.2.1

Solution

Upgrade to version 2.2.1 or above.

Last Modified

2022-01-11

source