Unrated severity · NVD Advisory · Published Aug 5, 2019 · Updated Aug 5, 2024
CVE-2019-14546
Description
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page, as well as while sending an email, when a malicious payload was inserted inside the Email Signature in the Preference page. An attacker could insert malicious JavaScript inside their email signature, which fires when the victim replies to or forwards the mail, allowing the attacker to steal the victim's cookies (and hence compromise their account).
Affected products (2)
- EspoCRM/EspoCRM
References (4)
- gauravnarwani.com/publications/CVE-2019-14546/ (mitre, x_refsource_MISC)
- github.com/espocrm/espocrm/commit/ffd3f762ce4a8de3b8962f33513e073c55d943b5 (mitre, x_refsource_MISC)
- github.com/espocrm/espocrm/issues/1369 (mitre, x_refsource_MISC)
- github.com/espocrm/espocrm/releases/tag/5.6.9 (mitre, x_refsource_MISC)