CVE Catalog

CVE-2024-44777

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.68%

48th percentile - higher than 48% of all known CVEs

Summary

A reflected XSS vulnerability was found in vTiger CRM 7.4.0 in the 'tag' parameter on the index page. An attacker can inject malicious JavaScript that executes in the victim's browser.

Risk Assessment

The risk includes session hijacking, data theft, or unauthorized actions performed in the context of a logged-in administrator or employee.

Recommendation

Update vTiger CRM to the latest version immediately and apply input filtering and encoding for the 'tag' parameter.

Original NVD description (English source)

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS