CVE-2024-48119

Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vtiger:vtiger_crm:8.2.0:*:*:*:*:*:*:*

History

30 Oct 2024, 14:32

Type Values Removed Values Added
First Time Vtiger
Vtiger vtiger Crm
CPE cpe:2.3:a:vtiger:vtiger_crm:8.2.0:*:*:*:*:*:*:*
References () https://okankurtulus.com.tr/2024/09/12/vtiger-crm-v8-2-0-html-injection-authenticated/ - () https://okankurtulus.com.tr/2024/09/12/vtiger-crm-v8-2-0-html-injection-authenticated/ - Exploit, Third Party Advisory

17 Oct 2024, 18:35

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Vtiger CRM v8.2.0 tiene una vulnerabilidad de inyección de HTML en el parámetro del módulo. Los usuarios autenticados pueden inyectar HTML arbitrario.

14 Oct 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-14 14:15

Updated : 2024-10-30 14:32


NVD link : CVE-2024-48119

Mitre link : CVE-2024-48119

CVE.ORG link : CVE-2024-48119


JSON object : View

Products Affected

vtiger

  • vtiger_crm
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')