Description
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus helping him steal victims' cookies (hence compromising their accounts).
Remediation
References
Related Vulnerabilities
WordPress Plugin WM Simple Captcha Security Bypass (2.0.3)
Drupal Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2024-11941)
Drupal Incorrect Authorization Vulnerability (CVE-2023-31250)
Moodle Incorrect Default Permissions Vulnerability (CVE-2012-1157)
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.6.2)