Description
An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code.
Remediation
References
Related Vulnerabilities
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7911)
WordPress Plugin PI Button includes Backdoor [Only if downloaded via the vendor website] (3.3.3)
Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-28615)
WordPress Plugin AnyFont Cross-Site Scripting (2.2.3)
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-29213)