Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 30 Oct 2024 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:vtiger:vtiger_crm:8.2.0:*:*:*:*:*:*:*

Thu, 17 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Vtiger
Vtiger vtiger Crm
Weaknesses CWE-79
CPEs cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
Vendors & Products Vtiger
Vtiger vtiger Crm
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 14 Oct 2024 14:00:00 +0000

Type Values Removed Values Added
Description Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-10-17T17:32:57.909Z

Reserved: 2024-10-08T00:00:00

Link: CVE-2024-48119

cve-icon Vulnrichment

Updated: 2024-10-17T17:32:51.348Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-14T14:15:11.597

Modified: 2024-10-30T14:32:43.217

Link: CVE-2024-48119

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.