CMDBuild 3.3.2 Cross-Site Scripting (XSS) Vulnerability Summary Vulnerability Overview Vulnerability Name: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS) EDB-ID: 50257 Publication Date: 2021-11-16 Vulnerability Type: Stored Cross-Site Scripting (Stored XSS) Description: Multiple stored cross-site scripting vulnerabilities exist in Tecnoteca CMDBuild 3.3.1, allowing remote attackers to inject arbitrary web scripts or HTML via crafted SVG documents. Impact Scope Affected Application: Tecnoteca CMDBuild Affected Versions: CMDBuild 3.3.1 (Tested version: 3.3.2) Attack Vectors: Add Attachment Add Office Document Add Employee Remediation The page does not provide specific patch links or fix code. It is recommended to contact the vendor or refer to the official software link to obtain updates. Official Software Link: https://www.cmdbuild.org/en/download/latest-version Proof of Concept (POC) Request Example:**