Description

Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.

Remediation

References

CVE-2014-7987

Related Vulnerabilities

WordPress Plugin VK Gallery TimThumb Arbitrary File Upload (1.1.0)

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-10234)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37148)

WordPress Plugin s2member Secure File Browser Cross-Site Scripting (0.4.16)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.69)

Severity

Medium

Classification

CVE-2014-7987 CWE-707

Tags

Missing Update Known Vulnerabilities