[yetiforce/yetiforce-crm] YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the LayoutEditor module. A patch is available at commit eebc12601495ada38495076bec12841b2477516b.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-3000
• https://github.com/yetiforcecompany/yetiforcecrm/commit/eebc12601495ada38495076bec12841b2477516b
• https://huntr.dev/bounties/a060d3dd-6fdd-4958-82a9-364df1cb770c
• https://github.com/advisories/GHSA-mqh9-5jp9-6799