CVE-2022-1411
Unrestricted Upload of File with Dangerous Type in yetiforce-crm
CVSS 3.1 score: 6.1 (MEDIUM); EPSS: 0.31%
Description
Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. An attacker can upload malicious files that are later served to victims: the stored data is returned by the web application without being made safe to render in the browser, so the attacker can steal the victim's cookie, which leads to account takeover.
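The description names two links in the chain: the upload handler accepts a file of a dangerous type, and the application later serves that file in a way the browser will render. The following added example is not YetiForce code and is not derived from the project's fix; it shows one defensive pattern for both links in Python using only the standard library. It ties an extension allowlist to magic-byte checks, rejects markup and script content, chooses the storage name server-side, and emits response headers that force a download instead of in-page rendering, with the session cookie marked HttpOnly. The function names (validate_upload, is_accepted, download_headers, session_cookie), the allowlist, and the sample bytes are constructed for this example.

```python
"""Hardening pattern for a file-upload endpoint (constructed example)."""
from dataclasses import dataclass
import posixpath
import uuid

# Allowlist: extension -> (MIME type to serve, accepted magic-byte prefixes).
# Anything not listed here is rejected, so HTML, SVG, PHP, etc. never get stored.
ALLOWED_TYPES = {
    "png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
    "jpg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "jpeg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "gif": ("image/gif", (b"GIF87a", b"GIF89a")),
    "pdf": ("application/pdf", (b"%PDF-",)),
}

# Markers of content a browser or server would execute or render as markup.
# Checked in the leading bytes even when the magic bytes look legitimate
# (polyglot files); serving headers below are the second line of defence.
ACTIVE_MARKERS = (b"<script", b"<svg", b"<html", b"<?php", b"javascript:")


@dataclass(frozen=True)
class StoredFile:
    stored_name: str  # server-chosen name, never the client's
    mime: str


class UploadRejected(ValueError):
    pass


def validate_upload(filename: str, data: bytes, max_bytes: int = 5 * 1024 * 1024) -> StoredFile:
    """Accept the upload only if extension, magic bytes and content all agree."""
    if len(data) == 0 or len(data) > max_bytes:
        raise UploadRejected("empty or oversized upload")
    # Strip any client-supplied directory components (both separator styles).
    base = posixpath.basename(filename.replace("\\", "/"))
    if "." not in base:
        raise UploadRejected("missing extension")
    # Use the LAST extension, so "shell.png.php" is judged as ".php".
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} not allowed")
    mime, magics = ALLOWED_TYPES[ext]
    if not any(data.startswith(m) for m in magics):
        raise UploadRejected("content does not match declared type")
    head = data[:4096].lower()
    if any(marker in head for marker in ACTIVE_MARKERS):
        raise UploadRejected("active content detected")
    # Random server-side name: no user-controlled path or extension reaches disk.
    return StoredFile(f"{uuid.uuid4().hex}.{ext}", mime)


def is_accepted(filename: str, data: bytes) -> bool:
    """Boolean wrapper around validate_upload for policy checks and tests."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


def download_headers(stored: StoredFile, display_name: str) -> dict:
    """Headers that make the browser download the file rather than render it."""
    # Sanitise the display name so it cannot break out of the quoted parameter.
    safe_name = "".join(c if c.isalnum() or c in "._-" else "_" for c in display_name)[:100]
    return {
        "Content-Type": stored.mime,                 # server-determined, not client-claimed
        "X-Content-Type-Options": "nosniff",         # stop MIME sniffing into text/html
        "Content-Disposition": f'attachment; filename="{safe_name or "download"}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",  # inert even if rendered
        "Cache-Control": "no-store",
    }


def session_cookie(name: str, value: str) -> str:
    """Set-Cookie value: HttpOnly keeps document.cookie from exposing the session."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    # Constructed sample: a minimal PNG header followed by padding.
    sample_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
    stored = validate_upload("../../avatar.png", sample_png)
    print(stored, download_headers(stored, "avatar.png"), sep="\n")
    print("polyglot accepted:", is_accepted("img.png", sample_png + b"<script>"))
```

The marker scan is deliberately a coarse first filter; the headers in download_headers are what actually stop a stored file from executing in the application's origin, and the HttpOnly flag limits what a script that does run can read.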
How to fix CVE-2022-1411
To remediate CVE-2022-1411, upgrade the affected package to a fixed version below.
- Upgrade to 6.4.0 or later
Is CVE-2022-1411 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- yetiforce-crm: all versions from 0 up to, but not including, 6.4.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.1) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |