EspoCRM version 5.6.4 is vulnerable to stored XSS due to a lack of filtering of user-supplied data in the document-storage functionality of the Account tab. An attacker can upload a specially crafted file whose name contains JavaScript code. The malicious JavaScript is executed when a user opens the page of any profile that has a file with JavaScript in its filename.
Such a file can only be created on Linux; alternatively, the name field can be edited in a local proxy (e.g. Burp Suite).
Request

Vulnerable parameters: fileName and name

PoC
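The root cause described above is a file name rendered into HTML without escaping. The following is an added example, not EspoCRM's code, showing the vulnerable rendering pattern beside a hardened one and a simple upload-time check; the attachment record, the file name and the `/download/` path are constructed assumptions for illustration.

```javascript
// Added example (not from the EspoCRM project): rendering an attachment name.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for insertion into HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Constructed sample record: a file name carrying markup, as a user could
// create on Linux (where "<" and ">" are legal in names) or set via a proxy.
const attachment = { id: 'att-1', name: 'invoice<script>alert(1)</script>.pdf' };

// Vulnerable pattern: user-controlled name concatenated straight into HTML.
// (The "/download/" path is a placeholder, not EspoCRM's real endpoint.)
function renderRowUnsafe(att) {
  return `<a href="/download/${att.id}">${att.name}</a>`;
}

// Hardened pattern: every user-controlled value is encoded for the context
// it lands in (attribute vs. text), so markup in the name is displayed, not parsed.
function renderRowSafe(att) {
  const href = '/download/' + encodeURIComponent(att.id);
  return `<a href="${escapeHtml(href)}">${escapeHtml(att.name)}</a>`;
}

// Defence in depth: flag names that contain markup characters at upload time
// so they can be rejected or logged before they are ever stored.
function isSuspiciousFileName(name) {
  return /[<>"']/.test(name);
}

// When run in a browser, the safe renderer could be used as:
//   container.innerHTML = renderRowSafe(attachment);
// (or, simpler still, set the link's textContent to att.name).
```

Output escaping is the fix; the upload-time check only narrows the window and must not be relied on alone, since the page notes the name can also be changed in a proxy.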