PT-2024-30177 · Unknown · Elaine's Realtime CRM Automation
Haythem Arfaoui · Published 2024-09-23 · Updated 2024-10-10
CVE-2024-42831
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Elaine's Realtime CRM Automation version 6.18.17
Description
A reflected cross-site scripting (XSS) issue allows attackers to execute arbitrary JavaScript code in a user's web browser by injecting a crafted payload into the "dialog" parameter at "wrapper dialog.php".
Recommendations
For Elaine's Realtime CRM Automation version 6.18.17, consider disabling access to the "wrapper dialog.php" endpoint until a patch is available, to prevent exploitation of the reflected XSS issue. Restrict input to the "dialog" parameter to minimize the risk of arbitrary JavaScript code execution. At the moment, there is no information about a newer version that contains a fix for this issue.
Weakness Enumeration
Related Identifiers
Affected Products
Elaine's Realtime CRM Automation