| Название | https://github.com/1Panel-dev/CordysCRM CordysCRM v1.4.1 Stored XSS |
|---|
| Описание | The ModuleFormController component in CordysCRM v1.4.1 contains a stored cross-site scripting (XSS) vulnerability. This vulnerability stems from the save() method's failure to adequately validate or encode the description parameter when handling requests to save form attributes. A remote attacker could exploit the /module/form/save interface to submit malicious JavaScript code. When the form editing function is accessed, the malicious script will execute in its browser environment. |
|---|
| Источник | ⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2233 |
|---|
| Пользователь | DaytimeHeaven (UID 96977) |
|---|
| Представление | 14.05.2026 05:02 (21 дни назад) |
|---|
| Модерация | 01.06.2026 18:36 (19 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 367674 [1Panel-dev CordysCRM до 1.4.1 ModuleFormController ModuleFormService.java save Описание межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|