Vulnerability Details CVE-2022-22112
In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/Bottelet/DaybydayCRM/blob/2.2.1/resources/views/partials/clientheader.blade.php#L17
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22112
- https://github.com/Bottelet/DaybydayCRM/blob/2.2.1/resources/views/partials/clientheader.blade.php#L17
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22112
Products affected by CVE-2022-22112
-
cpe:2.3:a:daybydaycrm:daybyday:2.1.0