Moderate severity · NVD Advisory · Published Sep 12, 2014 · Updated Jun 17, 2026
CVE-2014-5441
Description
Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| fat_free_crm (RubyGems) | >= 0.11.1, < 0.13.3 | 0.13.3 |
Affected products
- cpe:2.3:a:fatfreecrm:fat_free_crm:*:*:*:*:*:*:*:* (range: <=0.13.0)
- cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:fatfreecrm:fat_free_crm:0.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:fatfreecrm:fat_free_crm:0.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:fatfreecrm:fat_free_crm:0.12.1:*:*:*:*:*:*:*