Vulnerability CVE-2023-52265
Published: 2023-12-30   Modified: 2023-12-31

Description:
IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.

 References:
https://github.com/wbowm15/jubilant-enigma/blob/main/writeup.md
https://github.com/idurar/idurar-erp-crm/compare/2.0.1...2.1.0
Copyright 2026, cxsecurity.com

 

Back to Top