PT-2023-22798 · 07Flycrm · 07Flycrm

Zxi Tang

Publicado

2023-06-02

Atualizado

2024-05-17

CVE-2023-3058

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions 07FLY CRM versions up to 1.2.0

Description A vulnerability was found in the User Profile Handler component, which can be exploited to lead to cross site scripting. The attack can be initiated remotely.

Recommendations For 07FLY CRM versions up to 1.2.0, consider disabling the User Profile Handler component until a patch is available. Restrict access to the component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-3058

Produtos afetados

07Flycrm

PT-2023-22798 · 07Flycrm · 07Flycrm

CVE-2023-3058

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6