Vulnerabilities > Zurmo > Zurmo CRM > 2.7.2

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2017-7188 Cross-site Scripting vulnerability in Zurmo CRM
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.
network
zurmo CWE-79
3.5
3.5