Vulnerabilities > Zurmo > Zurmo CRM > 2.0.22

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2017-7188 Cross-site Scripting vulnerability in Zurmo CRM
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.
network
low complexity
zurmo CWE-79
5.4
5.4