CVE-2019-14546

CVE-2019-14546

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, which fires when the victim replies or forwards the mail, thus helping him steal victims’ cookies (hence compromising their accounts).

Source: CVE-2019-14546

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다