Moderate severityNVD Advisory· Published Jun 10, 2019· Updated Aug 4, 2024
CVE-2019-10226
CVE-2019-10226
Description
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a XSS protection mechanism.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
fat_free_crmRubyGems | <= 0.19.0 | — |
Affected products
2- Fat Free CRM/Fat Free CRMdescription
Patches
Vulnerability mechanics
References
10- www.exploit-db.com/exploits/46617/mitreexploit
- github.com/advisories/GHSA-gmg5-r3c4-3fm9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10226ghsaADVISORY
- packetstormsecurity.com/files/152263/Fat-Free-CRM-0.19.0-HTML-Injection.htmlghsaWEB
- apidock.com/rails/ActionView/Helpers/TextHelper/simple_formatghsaWEB
- github.com/fatfreecrm/fat_free_crm/blob/master/app/views/comments/_comment.html.hamlghsaWEB
- github.com/fatfreecrm/fat_free_crm/issues/1235ghsaWEB
- github.com/github/advisory-database/pull/3599ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/fat_free_crm/CVE-2019-10226.ymlghsaWEB
- www.exploit-db.com/exploits/46617ghsaWEB
News mentions
0No linked articles in our index yet.