mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 17:22:02 +00:00
838 B
838 B
CVE-2019-14549
Description
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible link.
POC
Reference
- https://gauravnarwani.com/publications/cve-2019-14549/
- https://gauravnarwani.com/publications/cve-2019-14549/
Github
No PoCs found on GitHub currently.