CVE-2023-52265 Information

Description

IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.

Reference

https://github.com/wbowm15/jubilant-enigma/blob/main/writeup.md https://github.com/idurar/idurar-erp-crm/compare/2.0.1…2.1.0