Submit #829316: https://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSSinfo

Titelhttps://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSS
BeschreibungThe ModuleFormController component in CordysCRM v1.4.1 contains a stored cross-site scripting (XSS) vulnerability. This vulnerability stems from the save() method's failure to adequately validate or encode the description parameter when handling requests to save form attributes. A remote attacker could exploit the /module/form/save interface to submit malicious JavaScript code. When the form editing function is accessed, the malicious script will execute in its browser environment.
Quelle⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2233
Benutzer
 DaytimeHeaven (UID 96977)
Einreichung14.05.2026 05:02 (vor 24 Tagen)
Moderieren01.06.2026 18:36 (19 days later)
StatusAkzeptiert
VulDB Eintrag367674 [1Panel-dev CordysCRM bis 1.4.1 ModuleFormController ModuleFormService.java save Beschreibung Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Do you need the next level of professionalism?

Upgrade your account now!