CordysCRM CordysCRM v1.4.1 Stored XSSالمعلومات

عنوان	https://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSS
الوصف	The AnnouncementController component in CordysCRM v1.4.1 contains a stored cross-site scripting (XSS) vulnerability. This vulnerability stems from the addAnnouncement() method's failure to adequately validate or encode the content parameter when processing new announcement requests. A remote attacker could use the /announcement/add interface to submit announcement content containing malicious JavaScript code. This announcement could be viewed by any user, allowing an attack on any user on the system. When a designated user (such as an administrator or regular employee) views the announcement, the malicious script will execute in their browser environment.
المصدر	⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2229
المستخدم	DaytimeHeaven (UID 96977)
ارسال	13/05/2026 12:37 PM (24 أيام منذ)
الاعتدال	01/06/2026 07:49 AM (19 days later)
الحالة	تمت الموافقة
إدخال VulDB	367596 [1Panel-dev CordysCRM حتى 1.6.2 RequestParamTrimConfig.java البرمجة عبر المواقع]
النقاط	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!