Submeter #829316: https://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSSinformação

Títulohttps://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSS
DescriçãoThe ModuleFormController component in CordysCRM v1.4.1 contains a stored cross-site scripting (XSS) vulnerability. This vulnerability stems from the save() method's failure to adequately validate or encode the description parameter when handling requests to save form attributes. A remote attacker could exploit the /module/form/save interface to submit malicious JavaScript code. When the form editing function is accessed, the malicious script will execute in its browser environment.
Fonte⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2233
Utilizador
 DaytimeHeaven (UID 96977)
Submissão14/05/2026 05h02 (há 23 dias)
Moderação01/06/2026 18h36 (19 days later)
EstadoAceite
Entrada VulDB367674 [1Panel-dev CordysCRM até 1.4.1 ModuleFormController ModuleFormService.java save Descrição Script de Site Cruzado]
Pontos20

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!