Stored Cross-Site Scripting Vulnerability in Vtiger CRM by Vtiger
CVE-2022-38335

5.4MEDIUM

Key Information:

Vendor

Vtiger

Status
Vtiger Crm
Vendor
CVE Published:
27 September 2022

What is CVE-2022-38335?

A stored cross-site scripting (XSS) vulnerability has been identified in Vtiger CRM v7.4.0, specifically impacting the e-mail template modules. This flaw allows attackers to inject malicious scripts that could be executed in the context of a user's session, potentially compromising sensitive user information. Organizations utilizing Vtiger CRM should take immediate steps to mitigate this risk and ensure that their systems are updated to a version that addresses this vulnerability.

References

https://www.vtiger.com/
x_refsource_MISC
https://code.vtiger.com/vtiger/vtigercrm
x_refsource_MISC
https://github.com/sbaresearch/advisories/tree/public/202...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.