CodeCanyon CRMGo SaaS Vulnerability: Remote Cross-Site Scripting Exploit Disclosed
CVE-2024-9031

5.4MEDIUM

Key Information:

Vendor

Codecanyon

Status
Crmgo Saas
Vendor
CVE Published:
20 September 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2024-9031?

A cross-site scripting flaw has been identified in the CodeCanyon CRMGo SaaS application, specifically in versions up to 7.2. This vulnerability arises from improper processing of the file path /project/task/{task_id}/show. Attackers are able to exploit this flaw by manipulating the comment argument, potentially allowing for the execution of malicious scripts in the context of a user's session. With the exploit disclosed to the public, remote attackers could leverage this issue to compromise user data or perform additional malicious actions on affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CRMGo SaaS 7.0

CRMGo SaaS 7.1

CRMGo SaaS 7.2

References

https://vuldb.com/?id.278201
vdb-entrytechnical-description
https://vuldb.com/?ctiid.278201
signaturepermissions-required
https://vuldb.com/?submit.410565
third-party-advisory

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jobyer Ahmed
suffer (VulDB User)
JSON
.