VYPR
Moderate severity · NVD Advisory · Published Sep 12, 2014 · Updated Jun 17, 2026

CVE-2014-5441

Description

Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
fat_free_crm (RubyGems) | >= 0.11.1, < 0.13.3 | 0.13.3

Affected products

7
  • cpe:2.3:a:fatfreecrm:fat_free_crm:*:*:*:*:*:*:*:*
    • cpe:2.3:a:fatfreecrm:fat_free_crm:*:*:*:*:*:*:*:* (range: <=0.13.0)
    • cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.4:*:*:*:*:*:*:*
    • cpe:2.3:a:fatfreecrm:fat_free_crm:0.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:fatfreecrm:fat_free_crm:0.12.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 0.11.1, < 0.13.3
