Vulnerability Details CVE-2022-22109
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109
- https://github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109
Products affected by CVE-2022-22109
-
cpe:2.3:a:daybydaycrm:daybyday_crm:2.2.0