CVE-2024-44779
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk50th percentile - higher than 50% of all known CVEs
Summary
A reflected cross-site scripting (XSS) vulnerability was found in the viewname parameter on the index page of vTiger CRM 7.4.0. It allows an attacker to execute arbitrary JavaScript code in the victim's browser by injecting a crafted payload.
Risk Assessment
An attacker can hijack user sessions, steal sensitive data, or perform other malicious actions in the victim's browser context, threatening data confidentiality and integrity within the organization.
Recommendation
Immediately upgrade vTiger CRM to the latest version that includes a fix for this vulnerability. Until then, validate and sanitize the viewname parameter server-side.
Original NVD description (English source)
A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

