
Laravel Crm

1 CVEs product


CVE-2026-5370 PHP LOW POC PATCH Monitor

Stored cross-site scripting (XSS) in Krayin Laravel-CRM up to version 2.2 allows authenticated users with low privileges to inject malicious scripts via the composeMail function in the Activities/Notes Module, which are then executed when other users view the content. The vulnerability requires user interaction (UI:P) but has confirmed publicly available exploit code and a vendor-released patch (commit 73ed28d466bf14787fdb86a120c656a4af270153), making it a moderate priority for deployments where multiple users interact with notes and mail features.

XSS Laravel Crm
NVD VulDB GitHub
CVSS 4.0: 2.0
EPSS: 0.0%