CVE-2026-36341
MEDIUM5.4EPSS 0.03%Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint
發布日:2026/5/7修改日:2026/5/12
描述
Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint
受影響套件(1)
- Packagist/krayin/laravel-crm>= 2.1.5, < 2.1.6
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-36341
- PATCHhttps://github.com/krayin/laravel-crm
- WEBhttps://cyber.spool.co.jp/vulnerabilities/cve-2026-36341
- WEBhttps://drive.google.com/file/d/1Y_WjD4Tiq_z7zQUlddFCFMDoyyN300r9/view
- WEBhttps://github.com/cybercrewinc/CVE-2026-36341
- WEBhttps://github.com/krayin/laravel-crm/commit/fc467040de21803cb2b67c2229d2dfcf731d2d3e
- WEBhttps://github.com/krayin/laravel-crm/pull/2401
- WEBhttps://github.com/krayin/laravel-crm/releases/tag/v2.1.6