← Back to CVE List

CVE-2018-9283

Published: 2018-09-07T22:29Z
Last Modified: 2024-11-21T04:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt