CVE-2026-5370 | krayin laravel-crm up to 2.2 Activities Module/Notes inbox.spec.ts composeMail cross site scripting (Issue 2419)

Inserito da Angelo Barbosa | Apr 1, 2026 | CVE

A vulnerability identified as problematic has been detected in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2026-5370. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

To fix this issue, it is recommended to deploy a patch.

CVE-2026-5370 | krayin laravel-crm up to 2.2 Activities Module/Notes inbox.spec.ts composeMail cross site scripting (Issue 2419)

Post correlati

CVE-2024-3034 | BackUpWordPress Plugin up to 3.13 on WordPress path traversal

CVE-2024-28809 | Infinera hiT 7300 5.60.50 Firmware Update hard-coded credentials

CVE-2024-52505 | matrix-org matrix-appservice-irc up to 3.0.2 Provisioning API input terminators (GHSA-c3hj-hg7p-rrq5)

CVE-2025-60168 | HotelRunner Booking Widget Plugin up to 1.6 on WordPress cross-site request forgery