CVE-2023-3505
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A vulnerability was found in Onest CRM 1.0, classified as problematic. It affects an unknown part of the file /admin/project/update/2 of the component Project List Handler, where manipulation of the argument name with the input <script>alert(1)</script> leads to cross-site scripting.
Risk Assessment
An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.
Recommendation
It is recommended to update Onest CRM to the latest version to mitigate this vulnerability and to monitor the application for unauthorized activities.
Original NVD description (English source)
A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

