| शीर्षक | https://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSS |
|---|
| विवरण | The ModuleFormController component in CordysCRM v1.4.1 contains a stored cross-site scripting (XSS) vulnerability. This vulnerability stems from the save() method's failure to adequately validate or encode the description parameter when handling requests to save form attributes. A remote attacker could exploit the /module/form/save interface to submit malicious JavaScript code. When the form editing function is accessed, the malicious script will execute in its browser environment. |
|---|
| स्रोत | ⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2233 |
|---|
| उपयोगकर्ता | DaytimeHeaven (UID 96977) |
|---|
| सबमिशन | 14/05/2026 05:02 AM (21 दिन पहले) |
|---|
| संयम | 01/06/2026 06:36 PM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367674 [1Panel-dev CordysCRM तक 1.4.1 ModuleFormController ModuleFormService.java save विवरण क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|