Medium severity5.4NVD Advisory· Published Sep 7, 2018· Updated Jun 17, 2026
CVE-2018-14396
CVE-2018-14396
Description
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters.
Affected products
2- Range: = 1.6.12
Patches
Vulnerability mechanics
References
1- www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.