CVE-2019-14350

Published: 2019-07-28T16:15Z

Last Modified: 2024-11-21T04:26Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt