| Title | https://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSS |
|---|---|
| Description | The ModuleFormController component in CordysCRM v1.4.1 contains a stored cross-site scripting (XSS) vulnerability. This vulnerability stems from the save() method's failure to adequately validate or encode the description parameter when handling requests to save form attributes. A remote attacker could exploit the /module/form/save interface to submit malicious JavaScript code. When the form editing function is accessed, the malicious script will execute in its browser environment. |
| Source | https://github.com/1Panel-dev/CordysCRM/issues/2233 |
| User | DaytimeHeaven (UID 96977) |
| Submission | 14/05/2026 05:02 AM (23 days ago) |
| Moderation | 01/06/2026 06:36 PM (19 days later) |
| Status | Accepted |
| VulDB entry | 367674 [1Panel-dev CordysCRM up to 1.4.1 ModuleFormController ModuleFormService.java save description cross site scripting] |
| Points | 20 |