CVE-2026-5370: Cross Site Scripting in krayin laravel-crm
A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 73ed28d466bf14787fdb86a120c656a4af270153. To fix this issue, it is recommended to deploy a patch.
AI Analysis
Technical Summary
The vulnerability in krayin laravel-crm (up to version 2.2) is a cross-site scripting flaw located in the composeMail function of the Activities Module/Notes Module. This flaw allows remote attackers to inject malicious scripts, potentially leading to client-side code execution. The issue is confirmed in the test file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts. A patch has been identified (commit 73ed28d466bf14787fdb86a120c656a4af270153) to remediate this vulnerability.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected application, potentially leading to session hijacking, defacement, or other client-side attacks. The CVSS score of 5.1 reflects a medium impact with network attack vector and low complexity. No known active exploitation in the wild has been reported.
Mitigation Recommendations
A patch is available for this vulnerability, identified by commit 73ed28d466bf14787fdb86a120c656a4af270153. It is recommended to apply this patch promptly to remediate the cross-site scripting issue. Since this is not a cloud service, remediation depends on deploying the patch in affected environments. Monitor the vendor's repository or advisory channels for the official patch release and instructions.
CVE-2026-5370: Cross Site Scripting in krayin laravel-crm
Description
A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 73ed28d466bf14787fdb86a120c656a4af270153. To fix this issue, it is recommended to deploy a patch.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in krayin laravel-crm (up to version 2.2) is a cross-site scripting flaw located in the composeMail function of the Activities Module/Notes Module. This flaw allows remote attackers to inject malicious scripts, potentially leading to client-side code execution. The issue is confirmed in the test file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts. A patch has been identified (commit 73ed28d466bf14787fdb86a120c656a4af270153) to remediate this vulnerability.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected application, potentially leading to session hijacking, defacement, or other client-side attacks. The CVSS score of 5.1 reflects a medium impact with network attack vector and low complexity. No known active exploitation in the wild has been reported.
Mitigation Recommendations
A patch is available for this vulnerability, identified by commit 73ed28d466bf14787fdb86a120c656a4af270153. It is recommended to apply this patch promptly to remediate the cross-site scripting issue. Since this is not a cloud service, remediation depends on deploying the patch in affected environments. Monitor the vendor's repository or advisory channels for the official patch release and instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-01T18:56:23.688Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69cead0fe6bfc5ba1df180b6
Added to database: 4/2/2026, 5:53:19 PM
Last enriched: 4/9/2026, 10:43:07 PM
Last updated: 5/20/2026, 8:52:23 PM
Views: 75
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.