CRMGo SaaS 7.2 Vulnerability: Remote Cross-Site Scripting Exploit
CVE-2024-9030

5.4 MEDIUM

Key Information:

Vendor: Codecanyon

CVE Published: 20 September 2024

Badges

👾 Exploit Exists

What is CVE-2024-9030?

A vulnerability exists in CodeCanyon's CRMGo SaaS version 7.2, which permits cross-site scripting (XSS) due to improper handling of user-supplied data in the /deal/{note_id}/note endpoint. Malicious actors can exploit this issue to inject harmful scripts, which may be executed on the browsers of users accessing the affected functionality. The exploitation can lead to unauthorized actions and the potential compromise of user data. This issue underscores the necessity for enhanced input validation and proper sanitization measures to safeguard against such attacks.

Affected Version(s)

CRMGo SaaS 7.2

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jobyer Ahmed