Lucene search
GitHub_MCVELIST:CVE-2024-24818HistoryFeb 29, 2024 - 3:17 p.m.
CVE-2024-24818 EspoCRM weakness in "Forgot password"
2024-02-2915:17:16
CWE-610
GitHub_M
www.cve.org
1
espocrm
weakness
forgot password
injection
arbitrary ip
domain
credential stealing
fixed
8.1.2
security vulnerability
CVSS3
5.9
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
EPSS
0
Percentile
9.0%
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in “Password Change” page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.
CNA Affected
[
{
"vendor": "espocrm",
"product": "espocrm",
"versions": [
{
"version": "< 8.1.2",
"status": "affected"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-24818 EspoCRM weakness in "Forgot password"
2024-02-29 15:17:16
prion
prion
Default credentials
2024-03-14 22:51:32
nvd
nvd
CVE-2024-24818
2024-03-21 02:52:12
osv
osv
CVE-2024-24818
2024-03-21 02:52:12
BIT-espocrm-2024-24818
2024-03-31 18:17:26
cve
cve
CVE-2024-24818
2024-03-21 02:52:12
CVSS3
5.9
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-24818