Cross Site Scripting Vulnerability in Krayin CRM by Aslam Mahi
CVE-2024-45932

4.8MEDIUM

Key Information:

Vendor: Webkul
Status: Krayin Crm
Vendor: CVE Published:; 7 October 2024

What is CVE-2024-45932?

Krayin CRM version 1.3.0 is susceptible to a Cross Site Scripting (XSS) vulnerability that can be exploited through the organization name field located at /admin/contacts/organizations/edit/2. Attackers can inject malicious scripts into this field, which may lead to unauthorized actions and data extraction from users visiting the affected pages. This poses a significant risk to data integrity and user privacy, prompting the need for immediate action and remediations to secure the application.

References

http://TobeReleased.com

https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Lar...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2024

Webkul

What is CVE-2024-45932?

References

CVSS V3.1

Timeline