AI Score
Confidence
High
EPSS
Percentile
53.2%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user’s browser via injecting a crafted payload.
[
{
"cpes": [
"cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*"
],
"vendor": "vtiger",
"product": "vtiger_crm",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
],
"defaultStatus": "unknown"
}
]