CVE-2024-44778
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk48th percentile - higher than 48% of all known CVEs
Summary
A reflected cross-site scripting (XSS) vulnerability exists in the 'parent' parameter of the index page in vTiger CRM 7.4.0. Attackers can execute arbitrary JavaScript code in the victim's browser by injecting a crafted payload.
Risk Assessment
An attacker can hijack user sessions, steal sensitive data, or perform other malicious actions within the victim's browser context, compromising data confidentiality and integrity in the organization.
Recommendation
Immediately update vTiger CRM to the latest version and apply input filtering and encoding for the 'parent' parameter to prevent XSS attacks.
Original NVD description (English source)
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

