Medium severity5.4OSV Advisory· Published Sep 21, 2018· Updated Jun 17, 2026
CVE-2018-17302
CVE-2018-17302
Description
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/espocrm/espocrm/issues/1039nvdExploitIssue TrackingThird Party Advisory
- github.com/security-breachlock/CVE-2018-17302/blob/master/XSS%20%28Stored%29%20in%20EspoCRM.pdfnvd
News mentions
0No linked articles in our index yet.