Cross Site Scripting Vulnerability in Vtiger CRM by Vtiger
CVE-2024-54687
Currently unrated
What is CVE-2024-54687?
Vtiger CRM versions prior to 6.1 contain a flaw that permits Cross Site Scripting (XSS) through the Documents module. The vulnerability arises from the 'uploadAndSaveFile' function in 'CRMEntity.php', which fails to properly validate user input. Attackers may exploit this weakness to inject malicious scripts, which can lead to unauthorized data access or manipulation and can compromise user sessions and data privacy.