Description
EspoCRM 5.6.4 is vulnerable to stored XSS because user-supplied data in the Knowledge base is not filtered. An attacker can inject JavaScript code in the body parameter when a knowledge-base record is created through api/v1/KnowledgeBaseArticle.
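The following is an added example, not part of the original advisory and not EspoCRM code: a Python audit that scans stored article body HTML for script-capable markup, the kind of unfiltered content the description refers to. The record shape, the tag and attribute policy, and the sample data are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed policy for this example: elements and URL attributes treated as script-capable.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "math", "base", "form"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:")

class ActiveContentFinder(HTMLParser):
    """Collects reasons why an HTML fragment could execute script when rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and decodes entities in values.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag <{tag}>")
        for name, value in attrs:
            # Browsers ignore whitespace/control characters inside a URL scheme.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and compact.startswith(BAD_SCHEMES):
                self.findings.append(f"scripting URL in {name} on <{tag}>")

def audit_bodies(records):
    """Return {record id: findings} for records whose body holds active content."""
    flagged = {}
    for rec in records:
        finder = ActiveContentFinder()
        finder.feed(rec.get("body") or "")
        finder.close()
        if finder.findings:
            flagged[rec["id"]] = finder.findings
    return flagged

# Constructed sample records shaped like knowledge-base articles (not real data).
SAMPLE = [
    {"id": "kb-1", "body": "<p>Reset your password from the <b>login</b> page.</p>"},
    {"id": "kb-2", "body": '<p>Hi</p><img src="x.png" onerror="f()">'},
    {"id": "kb-3", "body": '<a href="jav&#x09;ascript:f()">docs</a>'},
    {"id": "kb-4", "body": "<SCRIPT>f()</SCRIPT>"},
]

if __name__ == "__main__":
    for rid, why in audit_bodies(SAMPLE).items():
        print(rid, why)
```

A check like this finds records already stored with active content; it does not replace allow-list sanitization of the body on input and encoding on output.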
Remediation
References