CVE-2026-5370 in laravel-crmالمعلومات

الملخص

بحسب MITRE • 02/04/2026

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 73ed28d466bf14787fdb86a120c656a4af270153. To fix this issue, it is recommended to deploy a patch.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulDB

إفشاء

02/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-354756

CPE

جاهز

CWE

CWE-79 (مؤكد)

استغلال

تحميل

CVSS

3.5 (VulDB)

EPSS

0.00040

KEV

لا

النشاطات

منخفض

القطاع

Hostingprovider, Agriculture, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5370
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5370
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5370/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!