CVE-2026-36341
MEDIUM
NVD
CVSS Score
5.4
Severity
MEDIUM
Published
May 07, 2026
Vendor
unknown
Description
Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint