5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-1340

GHSA ID

GHSA-w83m-rghh-frxj

EPSS Score

0.27438%

CWE

CWE-79

Published

8/23/2022

Updated

1/28/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-1340

CVE-2022-1340: Cross site scripting in yetiforce/yetiforce-crm

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

(GitHub Advisory)

5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-1340

GHSA ID

GHSA-w83m-rghh-frxj

EPSS Score

0.27438%

CWE

CWE-79

Published

8/23/2022

Updated

1/28/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
yetiforce/yetiforce-crm	composer	< 6.4.0	6.4.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*ross-sit* S*riptin* (XSS) - Stor** in *it*u* r*pository y*ti*or***omp*ny/y*ti*or***rm prior to *.*.*.

Reasoning

No *n*lysis *v*il**l*

5.4

Basic Information

Concerned about an active attack path?

CVE-2022-1340: Cross site scripting in yetiforce/yetiforce-crm

5.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI