Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-14221. PoCs published by Kusol Watchara-Apanukorn.
AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in 1CRM On-Premise Software 8.5.7. The exploit involves creating a malicious report with embedded JavaScript that executes when a victim runs the report.
Description
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
Exploits (1)
exploitdb
WRITEUP
by Kusol Watchara-Apanukorn · textwebappsphp
https://www.exploit-db.com/exploits/47206
This is a writeup describing a stored XSS vulnerability in 1CRM On-Premise Software 8.5.7. The exploit involves creating a malicious report with embedded JavaScript that executes when a victim runs the report.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
1CRM On-Premise Software 8.5.7
Auth required
Prerequisites:
Valid user credentials · Access to the report creation functionality
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/cccaaasser/1CRM-CVE/blob/master/CVE-2019-14221.md
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/47206
Scores
CVSS v3
5.4
EPSS
0.0171
EPSS Percentile
74.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
1crm/1crm_on-premise
< 8.5.7
Published
Aug 08, 2019
Tracked Since
Feb 18, 2026