Description
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus helping him steal victims' cookies (hence compromising their accounts).
Remediation
References
Related Vulnerabilities
WordPress Plugin Fluid Responsive Slideshow Multiple Vulnerabilities (2.2.6)
Moodle Improper Privilege Management Vulnerability (CVE-2017-7532)
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2)
TYPO3 Improper Neutralization of HTTP Headers for Scripting Syntax Vulnerability (CVE-2021-41114)
WordPress Plugin Stripe Payment for WooCommerce Cross-Site Scripting (3.5.9)