CVSS3
Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
AI Score
Confidence: High
EPSS
Percentile: 9.0%
EspoCRM is an open source Customer Relationship Management (CRM) application. An attacker can inject an arbitrary IP address or domain into the "Password Change" page and redirect the victim to a malicious page, which could lead to credential theft or another attack. This vulnerability is fixed in 8.1.2.