Security Advisory – Multiple Cross Site Scripting Vulnerabilities in EspoCRM

Product: EspoCRM
Vendor: Letrium LTD/Open source software
Version: 4.5.0, possibly earlier
Category: Cross Site Scripting
Vendor notified: 2017-03-24
Patched: 2017-04-03
Disclosed: 2017-04-22
Researcher: Carl Pearson

Summary

Multiple persistent cross site scripting (XSS) vulnerabilities exist in EspoCRM v4.5.0, in the Knowledge Base article body text field, Accounts billing and shipping address …

Security Advisory – Cross Site Request Forgery in Chyrp Lite

Product: Chyrp Lite
Vendor: Open source community
Version: 2016.04 “Lago” and earlier
Category: Cross site request forgery (CSRF)
Vendor Notified: 2017-01-05
Patched: 2017-01-06
Disclosed: 2017-03-06
Researcher(s): Carl Pearson
CVE: CVE-2017-1000008

Summary

A cross-site request forgery (CSRF) vulnerability exists in the user properties function of the Chyrp Lite blog engine. An …