CVSS3: 5.9 Medium
Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
AI Score: 5.6 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)
EspoCRM is an open-source Customer Relationship Management application. An attacker can inject an arbitrary IP address or domain into the “Password Change” page and redirect the victim to a malicious page, which could lead to credential theft or another attack. This vulnerability is fixed in 8.1.2.
[
{
"vendor": "espocrm",
"product": "espocrm",
"versions": [
{
"version": "< 8.1.2",
"status": "affected"
}
]
}
]