---
gem: fat_free_crm
osvdb: 110420
cve: 2014-5441
url: https://nvd.nist.gov/vuln/detail/CVE-2014-5441
title: Fat Free CRM Gem contains a javascript cross-site scripting (XSS) vulnerability
date: 2014-08-22
description: |
  Fat Free CRM Gem contains a javascript cross-site scripting (XSS)
  vulnerability. When a user is created/updated using a specifically
  crafted username, first name or last name, it is possible for
  arbitrary javascript to be executed on all Fat Free CRM pages.
  This code would be executed for all logged in users.
cvss_v2: 4.3
unaffected_versions:
  - "<= 0.11.0"
patched_versions:
  - ">= 0.13.3"