Sha256: d5deda42f7d6701c6e20af9f62d59a899b93c07129f506244969bb81185674d6

Contents?: true

Size: 617 Bytes

Versions: 5

Compression:

Stored size: 617 Bytes

Contents

---
gem: fat_free_crm
osvdb: 110420
cve: 2014-5441
url: http://osvdb.org/show/osvdb/110420
title: Fat Free CRM Gem contains a javascript cross-site scripting (XSS)
  vulnerability
date: 2014-08-22
description: |
  Fat Free CRM Gem contains a javascript cross-site scripting (XSS)
  vulnerability. When a user is created/updated using a specifically
  crafted username, first name or last name, it is possible for
  arbitrary javascript to be executed on all Fat Free CRM pages.
  This code would be executed for all logged in users.
cvss_v2: 4.3
unaffected_versions:
  - "<= 0.11.0"
patched_versions:
  - ">= 0.13.3"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/fat_free_crm/OSVDB-110420.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/fat_free_crm/OSVDB-110420.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/fat_free_crm/OSVDB-110420.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/fat_free_crm/OSVDB-110420.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/fat_free_crm/OSVDB-110420.yml