CVE-2021-3539
04.08.2021, 23:15
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
| Vendor | Product | Version |
|---|---|---|
| espocrm | espocrm | 𝑥 ≤ 6.1.6 |
𝑥
= Vulnerable software versions