Description

Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.

Remediation

References

CVE-2014-7987

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2012-0884)

Drupal Core 8.7.4 Security Bypass (8.7.4)

Oracle Application Server Other Vulnerability (CVE-2005-3445)

MySQL CVE-2022-21303 Vulnerability (CVE-2022-21303)

WordPress Plugin Japanized For WooCommerce Cross-Site Scripting (2.5.4)

Severity

Medium

Classification

CVE-2014-7987 CWE-707

Tags

Missing Update Known Vulnerabilities