CordysCRM CordysCRM v1.4.1 Stored XSSinformación

Título	https://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSS
Descripción	The ModuleFormController component in CordysCRM v1.4.1 contains a stored cross-site scripting (XSS) vulnerability. This vulnerability stems from the save() method's failure to adequately validate or encode the description parameter when handling requests to save form attributes. A remote attacker could exploit the /module/form/save interface to submit malicious JavaScript code. When the form editing function is accessed, the malicious script will execute in its browser environment.
Fuente	⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2233
Usuario	DaytimeHeaven (UID 96977)
Sumisión	2026-05-14 05:02 (hace 30 días)
Moderación	2026-06-01 18:36 (19 days later)
Estado	Aceptado
Entrada de VulDB	367674 [1Panel-dev CordysCRM hasta 1.4.1 ModuleFormController ModuleFormService.java save Descripción secuencias de comandos en sitios cruzados]
Puntos	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!