VYPR
Medium severity5.4NVD Advisory· Published Apr 14, 2017· Updated Jun 17, 2026

CVE-2017-7188

CVE-2017-7188

Description

Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • cpe:2.3:a:zurmo:zurmo_crm:*:*:*:*:*:*:*:*
    Range: <=3.1.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.