CVE Catalog

CVE-2024-44778

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.69%

48th percentile - higher than 48% of all known CVEs

Summary

A reflected cross-site scripting (XSS) vulnerability exists in the 'parent' parameter of the index page in vTiger CRM 7.4.0. Attackers can execute arbitrary JavaScript code in the victim's browser by injecting a crafted payload.

Risk Assessment

An attacker can hijack user sessions, steal sensitive data, or perform other malicious actions within the victim's browser context, compromising data confidentiality and integrity in the organization.

Recommendation

Immediately update vTiger CRM to the latest version and apply input filtering and encoding for the 'parent' parameter to prevent XSS attacks.

Original NVD description (English source)

A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS