VIR Vulnerability Intelligence Relay

CVE-2014-5441

medium
Published 2014-08-22 · Modified 2024-12-03
CVSS v3
CVSS v2
4.3
VIR risk
4.3

Description

Fat Free CRM subject to Cross-site Scripting

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-vulnerability-%2826th-August-2014%29

Package impact
EcosystemPackageVulnerableFixed
ruby RubyGemsfat_free_crm!<= 0.11.0||<>= 0.13.3>= 0.13.3
ruby RubyGemsfat_free_crm>=0.11.1,<0.13.30.13.3

Application impact
VendorProductVersionsFixed
fatfreecrmfat_free_crm{"endIncluding":"0.13.0"}
fatfreecrmfat_free_crm0.11.1
fatfreecrmfat_free_crm0.11.2
fatfreecrmfat_free_crm0.11.4
fatfreecrmfat_free_crm0.12.0
fatfreecrmfat_free_crm0.12.1

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.