CVE-2014-5441: Javascript cross-site scripting (XSS) vulnerability

September 12, 2014 (updated September 16, 2014)

Fat Free CRM Gem contains a javascript cross-site scripting (XSS) vulnerability. When a user is created/updated using a specifically crafted username, first name or last name, it is possible for arbitrary javascript to be executed on all Fat Free CRM pages. This code would be executed for all logged-in users.

References

osvdb.org/show/osvdb/110420

Code Behaviors & Features

Detect and mitigate CVE-2014-5441 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →