---
gem: fat_free_crm
cve: 2018-20975
ghsa: 4p8f-mmfj-r45g
url: https://github.com/fatfreecrm/fat_free_crm/commit/6d60bc8ed010c4eda05d6645c64849f415f68d65
date: 2019-08-21
title: fat_free_crm XSS via query parameter of tags_helper method
description: |
  Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.
cvss_v3: 6.1
patched_versions:
- ">= 0.18.1"