CVE-2026-5370 in laravel-crmthông tin

Tóm tắt

Bởi MITRE • 02/04/2026

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 73ed28d466bf14787fdb86a120c656a4af270153. To fix this issue, it is recommended to deploy a patch.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

VulDB

Tiết lộ

02/04/2026

Kiểm duyệt

được chấp nhận

mục

VDB-354756

CPE

sẵn sàng

CWE

CWE-79 (Đã xác nhận)

Khai thác

Tải xuống

CVSS

3.5 (VulDB)

EPSS

0.00040

KEV

không

Các hoạt động

thấp

ngành

Energy, Chemical, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5370
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5370
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5370/

◂ Trước Tổng Quan Tiếp theo ▸

Do you know our Splunk app?

Download it now for free!