CVE-2020-10227

MEDIUM

Vtenext - XSS

Title source: rule

Description

A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.

Exploits (1)

exploitdb WORKING POC

by Marco Ruela · pythonwebappsmultiple

https://www.exploit-db.com/exploits/48804

View Code ZIP pw:eip

References (3)

[Product, Third Party Advisory] https://sourceforge.net/projects/vtecrm/

[Vendor Advisory] https://vtenext.com/en/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48804

Scores

CVSS v3 6.1

EPSS 0.0051

EPSS Percentile 66.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

vtenext/vtenext 19

Published Sep 14, 2020

Tracked Since Feb 18, 2026