Medium severity5.4NVD Advisory· Published Jan 5, 2022· Updated Jun 17, 2026
CVE-2022-22109
CVE-2022-22109
Description
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bottelet/flarepointPackagist | < 2.2.1 | 2.2.1 |
Affected products
3- Range: 2.2.0
- Range: 2.2.0
Patches
Vulnerability mechanics
References
4- github.com/Bottelet/DaybydayCRM/commit/002dc75f400cf307bd00b71a5a93f1e26e52cee2nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-jr37-66pj-36v7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-22109ghsaADVISORY
- www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22109nvdThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.