CVE-2026-10567 | 1Panel-dev CordysCRM up to 1.4.1 ModuleFormController ModuleFormService.java save Description cross site scripting (Issue 2233)

A vulnerability was found in 1Panel-dev CordysCRM up to 1.4.1. It has been classified as problematic. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site scripting.

This vulnerability is listed as CVE-2026-10567. The attack may be initiated remotely. In addition, an exploit is available.

Upgrading the affected component is recommended.

CVE-2026-10567 | 1Panel-dev CordysCRM up to 1.4.1 ModuleFormController ModuleFormService.java save Description cross site scripting (Issue 2233)

Post correlati

CVE-2026-45214 | Xpro Elementor Addons Plugin up to 1.5.1 on WordPress sql injection

CVE-2024-38863 | Checkmk up to 2.1.0p47/2.2.0p34/2.3.0p17 get request method with sensitive query strings

CVE-2024-37284 | Elastic Defend up to 8.13.2 on Windows exceptional condition

CVE-2025-24309 | OpenHarmony up to 5.0.2 Pre-installed Apps out-of-bounds write