Description
Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2018-3004 Vulnerability (CVE-2018-3004)
WordPress Plugin DB Toolkit 'uploadify.php' Arbitrary File Upload (0.1.10)
WebLogic CVE-2019-2418 Vulnerability (CVE-2019-2418)
OpenSSL Other Vulnerability (CVE-2002-0656)
WordPress Plugin GD bbPress Attachments Multiple Vulnerabilities (2.2)