CVE-2018-17302

CVE-2018-17302

EPSS 0.6%

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/espocrm/espocrm/issues/1039 https://github.com/security-breachlock/CVE-2018-17302/blob/master/XSS%20%28Stored%29%20in%20EspoCRM.pdf