mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 06:55:56 +02:00
0xMarcio
718 B
718 B
CVE-2019-14350
Description
EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation.
POC
Reference
Github
No PoCs found on GitHub currently.