Medium severity5.4NVD Advisory· Published Jan 13, 2022· Updated Jun 17, 2026
CVE-2022-22112
CVE-2022-22112
Description
In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.1 - 2.2.1+ 1 more
- (no CPE)range: 1.1 - 2.2.1
- (no CPE)range: 1.1
Patches
Vulnerability mechanics
References
2- www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22112nvdExploitThird Party Advisory
- github.com/Bottelet/DaybydayCRM/blob/2.2.1/resources/views/partials/clientheader.blade.phpnvdThird Party Advisory
News mentions
0No linked articles in our index yet.