Security Advisory

CVE-2022-22112

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-13 08:35:12

Last updated 2024-09-16 23:35:56

Assigner Mend

State PUBLISHED

Description

In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser.

← Browse all CVEs View on cve.org ↗