Medium severity5.4NVD Advisory· Published May 7, 2026· Updated May 7, 2026
CVE-2026-36341
CVE-2026-36341
Description
Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
krayin/laravel-crmPackagist | >= 2.1.5, < 2.1.6 | 2.1.6 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-j822-46r5-h4qxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-36341ghsaADVISORY
- cyber.spool.co.jp/vulnerabilities/cve-2026-36341ghsaWEB
- drive.google.com/file/d/1Y_WjD4Tiq_z7zQUlddFCFMDoyyN300r9/viewnvdWEB
- github.com/krayin/laravel-crm/commit/fc467040de21803cb2b67c2229d2dfcf731d2d3eghsaWEB
- github.com/krayin/laravel-crm/pull/2401nvdWEB
- github.com/krayin/laravel-crm/releases/tag/v2.1.6nvdWEB
- cyber.spool.co.jp/vulnerabilities/cve-2026-36341/nvd
News mentions
0No linked articles in our index yet.