Vulnerabilities > Zurmo > Zurmo > 3.2.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-19 | CVE-2018-19596 | Cross-site Scripting vulnerability in Zurmo 3.2.4 Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506. | 4.8 |
| 2018-12-19 | CVE-2018-19506 | Cross-site Scripting vulnerability in Zurmo 3.2.4 Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. | 3.5 |