CVE-2018-20975
MEDIUM
Fat Free CRM < 0.18.1 - Cross-Site Scripting in Tags Helper
Title source: llm
Description
Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.
References (3)
Core References
Release Notes x_refsource_confirm
https://github.com/fatfreecrm/fat_free_crm/releases/tag/v0.18.1
Patch, Third Party Advisory x_refsource_confirm
https://github.com/fatfreecrm/fat_free_crm/commit/6d60bc8ed010c4eda05d6645c64849f415f68d65
Patch, Third Party Advisory x_refsource_confirm
https://github.com/fatfreecrm/fat_free_crm/compare/v0.17.3...v0.18.1
Scores
CVSS v3
6.1
EPSS
0.0030
EPSS Percentile
53.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
fatfreecrm/fat_free_crm
< 0.18.1
rubygems/fat_free_crm
0 - 0.18.1
RubyGems
Published
Aug 20, 2019
Tracked Since
Feb 18, 2026