CVE-2026-36341: Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint
A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint.
References
- cyber.spool.co.jp/vulnerabilities/cve-2026-36341
- drive.google.com/file/d/1Y_WjD4Tiq_z7zQUlddFCFMDoyyN300r9/view
- github.com/advisories/GHSA-j822-46r5-h4qx
- github.com/cybercrewinc/CVE-2026-36341
- github.com/krayin/laravel-crm/commit/fc467040de21803cb2b67c2229d2dfcf731d2d3e
- github.com/krayin/laravel-crm/pull/2401
- github.com/krayin/laravel-crm/releases/tag/v2.1.6
- nvd.nist.gov/vuln/detail/CVE-2026-36341
Detect and mitigate CVE-2026-36341 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.