Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2021-3539

Disclosure Date: July 27, 2021 (last updated February 23, 2025)
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0