Stored Cross-Site Scripting (XSS) Vulnerability in Request a Quote Section of Small CRM v3.0 Allows Admin Account Takeover

Stored Cross-Site Scripting (XSS) Vulnerability in Request a Quote Section of Small CRM v3.0 Allows Admin Account Takeover

CVE-2023-45394 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover.

Learn more about our Crm Penetration Testing.