Vulners
Lucene search
vTiger CRM 7.4.0 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 23 |
|---|---|---|---|---|
 | vTiger CRM 7.4.0 Cross Site Scripting / Open Redirection Vulnerabilities | 29 Aug 202400:00 | – | zdt |
 | CVE-2024-44777 | 29 Aug 202421:14 | – | circl |
| CVE-2024-44778 | 29 Aug 202421:14 | – | circl |
| CVE-2024-44779 | 29 Aug 202421:14 | – | circl |
 | Vtiger CRM 安全漏洞 | 29 Aug 202400:00 | – | cnnvd |
| vTiger CRM 安全漏洞 | 29 Aug 202400:00 | – | cnnvd |
| vTiger CRM 安全漏洞 | 29 Aug 202400:00 | – | cnnvd |
 | CVE-2024-44777 | 29 Aug 202400:00 | – | cve |
| CVE-2024-44778 | 29 Aug 202400:00 | – | cve |
| CVE-2024-44779 | 29 Aug 202400:00 | – | cve |
10
`[CVE-ID]:CVE-2024-44778
------------------------------------------
[Suggested description]:A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
------------------------------------------
[Additional Information]
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22
------------------------------------------
[Vulnerability Type]:Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0.
------------------------------------------
[Affected Component]:The parent parameter of vTiger CRM 7.4.0 Index page
------------------------------------------
[Attack Type]:Remote
------------------------------------------
[CVE Impact Other]:Run Arbitrary Javascript code
------------------------------------------
[Attack Vectors]:Crafted URL
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]:true
------------------------------------------
[Discoverer]:Marco Nappi
------------------------------------------
[Reference]
http://vtiger.com
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22
[CVE-ID]:CVE-2024-44779
------------------------------------------
[Suggested description]
A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
------------------------------------------
[Additional Information]:
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd'+onpointerdown=alert()+alt=
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0.
------------------------------------------
[Affected Component]:The "viewname" parameter of vTiger CRM 7.4.0 Index page .
------------------------------------------
[Attack Type]:Remote
------------------------------------------
[CVE Impact Other]:
Run Arbitrary JS code
------------------------------------------
[Attack Vectors]
Crafted URL
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]:true
------------------------------------------
[Discoverer]:Marco Nappi
------------------------------------------
[Reference]
http://vtiger.com
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd
[CVE-ID]:CVE-2024-44777
------------------------------------------
[Suggested description]
A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
------------------------------------------
[Additional Information]
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22
------------------------------------------
[Vulnerability Type]:Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0.
------------------------------------------
[Affected Component]
The "tag" parameter of vTiger CRM 7.4.0 Index page
------------------------------------------
[Attack Type]:Remote
------------------------------------------
[CVE Impact Other]
Run Arbitrary Javascript code
------------------------------------------
[Attack Vectors]:Crafted URL
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]:true
------------------------------------------
[Discoverer]:Marco Nappi
------------------------------------------
[Reference]
http://vtiger.com
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 Aug 2024 00:00Current
7.4High risk
Vulners AI Score7.4
EPSS0.02157