CVE-2019-14548
Last modified
CVE-2019-14548 is a vulnerability of currently unknown severity. An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. EPSS estimates a 1.08% chance of exploitation in the next 30 days.
Description
An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside the body of the article, thus helping him steal victims' cookies (hence compromising their accounts).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Espocrm | Espocrm | < 5.6.9 |
References
- https://gauravnarwani.com/publications/cve-2019-14548/Exploit, Third Party Advisory
- https://github.com/espocrm/espocrm/commit/ffd3f762ce4a8de3b8962f33513e073c55d943b5Patch, Third Party Advisory
- https://github.com/espocrm/espocrm/issues/1369Third Party Advisory
- https://github.com/espocrm/espocrm/releases/tag/5.6.9Release Notes, Third Party Advisory
- https://gauravnarwani.com/publications/cve-2019-14548/Exploit, Third Party Advisory
- https://github.com/espocrm/espocrm/commit/ffd3f762ce4a8de3b8962f33513e073c55d943b5Patch, Third Party Advisory
- https://github.com/espocrm/espocrm/issues/1369Third Party Advisory
- https://github.com/espocrm/espocrm/releases/tag/5.6.9Release Notes, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-14548?
How severe is CVE-2019-14548?
How do I fix CVE-2019-14548?
Are you affected by CVE-2019-14548?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST