CordysCRM CordysCRM v1.4.1 Stored XSSinformation

Titre	https://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSS
Description	The ModuleFormController component in CordysCRM v1.4.1 contains a stored cross-site scripting (XSS) vulnerability. This vulnerability stems from the save() method's failure to adequately validate or encode the description parameter when handling requests to save form attributes. A remote attacker could exploit the /module/form/save interface to submit malicious JavaScript code. When the form editing function is accessed, the malicious script will execute in its browser environment.
La source	⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2233
Utilisateur	DaytimeHeaven (UID 96977)
Soumission	14/05/2026 05:02 (il y a 21 jours)
Modérer	01/06/2026 18:36 (19 days later)
Statut	Accepté
Entrée VulDB	367674 [1Panel-dev CordysCRM jusqu’à 1.4.1 ModuleFormController ModuleFormService.java save Description cross site scripting]
Points	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!