CVE-2021-41924
MEDIUMWebkul Krayin CRM < 1.2.2 - Stored Cross-Site Scripting
Title source: llmDescription
Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS).
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/krayin/laravel-crm/pull/195/commits/882dc2e7e7e9149b96cf1ccacf34900960b92fb7
Scores
CVSS v3
6.1
EPSS
0.0057
EPSS Percentile
43.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
krayin/laravel-crm
0 - 1.2.2Packagist
webkul/krayin
< 1.2.2
Published
Jun 21, 2022
Tracked Since
Feb 18, 2026