Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:BIT-ESPOCRM-2024-24818
HistoryMar 31, 2024 - 6:17 p.m.

BIT-espocrm-2024-24818

2024-03-3118:17:26
Google
osv.dev
7
espocrm
open source
crm
vulnerability
fixed
8.1.2
ip injection
domain injection
password change page
malicious page
credential stealing
attack

5.9 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in “Password Change” page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.

CPENameOperatorVersion
espocrmlt8.1.2

Related

cvelist 1
prion 1
osv 1
nvd 1
cve 1
cvelist
cvelist
CVE-2024-24818 EspoCRM weakness in "Forgot password"
2024-02-29 15:17:16
prion
prion
Default credentials
2024-03-14 22:51:32
osv
osv
CVE-2024-24818
2024-03-21 02:52:12
nvd
nvd
CVE-2024-24818
2024-03-21 02:52:12
cve
cve
CVE-2024-24818
2024-03-21 02:52:12

5.9 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for OSV:BIT-ESPOCRM-2024-24818
cvelist1prion1osv1nvd1cve1