[yetiforce/yetiforce-crm] YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the WorkFlow module. A patch is available at commit cd82ecce44d83f1f6c10c7766bf36f3026de024a.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-3004
• https://github.com/yetiforcecompany/yetiforcecrm/commit/cd82ecce44d83f1f6c10c7766bf36f3026de024a
• https://huntr.dev/bounties/461e5f8f-17cf-4be4-9149-111d0bd92d14
• https://github.com/advisories/GHSA-qwc8-vjh3-gm2j