Lucene search

[email protected]CVE-2024-36413

HistoryJun 10, 2024 - 8:15 p.m.

CVE-2024-36413

2024-06-1020:15:14

CWE-79

[email protected]

web.nvd.nist.gov

suitecrm

vulnerability

cross-site scripting

cve-2024-36413

fix

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected configurations

Vulners

NVD

Node

salesagilitysuitecrmRange<7.14.4

salesagilitysuitecrmRange8.0.0–8.6.1

CPENameOperatorVersion
salesagility:suitecrmsalesagility suitecrmlt7.14.4
salesagility:suitecrmsalesagility suitecrmlt8.6.1

CPE	Name	Operator	Version
salesagility:suitecrm	salesagility suitecrm	lt	7.14.4
salesagility:suitecrm	salesagility suitecrm	lt	8.6.1

CNA Affected

[
  {
    "vendor": "salesagility",
    "product": "SuiteCRM",
    "versions": [
      {
        "version": "< 7.14.4",
        "status": "affected"
      },
      {
        "version": ">= 8.0.0, < 8.6.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/salesagility/SuiteCRM/security/advisories/GHSA-ph2c-hvvf-r273

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVE-2024-36413

osv2 vulnrichment1 cvelist1 nvd1