VYPR
Medium severity5.4NVD Advisory· Published May 7, 2026· Updated May 7, 2026

CVE-2026-36341

CVE-2026-36341

Description

Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
krayin/laravel-crmPackagist
>= 2.1.5, < 2.1.62.1.6

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.