Vulnerabilities > Fatfreecrm > FAT Free CRM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-20 | CVE-2018-20975 | Cross-site Scripting vulnerability in Fatfreecrm FAT Free CRM Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb. | 6.1 |
| 2019-06-10 | CVE-2019-10226 | Cross-site Scripting vulnerability in Fatfreecrm FAT Free CRM 0.19.0 HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. | 5.4 |