Security EspoCRM 2.5.2 XSS / LFI / Access Control October 29, 2014 007admin Leave a comment EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities.