Security Advisory: Vtiger CRM 7.4.0 or below Stored Cross-Site Scripting (CVE-2022-38335)
Vtiger CRM 7.4.0 or below is prone to a stored cross-site scripting vulnerability in the email templates module due to insufficient sanitizing.
Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220328-01_Vtiger_CRM_Stored_Cross-Site_Scripting
Credits
Corinna Rudlstorfer
Thomas Kostal
Jakob Pachmann