CVE-2019-14331

Published: 2019-07-28T14:15Z

Last Modified: 2024-11-21T04:26Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt