Lucene search
HistoryMar 21, 2024 - 2:52 a.m.
CVE-2024-24818
espocrm
customer relationship management
vulnerability
fixed
8.1.2
credential stealing
CVSS3
5.9
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
EPSS
0
Percentile
9.0%
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in “Password Change” page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.
Related
cvelist
cvelist
CVE-2024-24818 EspoCRM weakness in "Forgot password"
2024-02-29 15:17:16
vulnrichment
vulnrichment
CVE-2024-24818 EspoCRM weakness in "Forgot password"
2024-02-29 15:17:16
prion
prion
Default credentials
2024-03-14 22:51:32
osv
osv
CVE-2024-24818
2024-03-21 02:52:12
BIT-espocrm-2024-24818
2024-03-31 18:17:26
cve
cve
CVE-2024-24818
2024-03-21 02:52:12
CVSS3
5.9
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-24818