PT-2024-31245 · Vtiger · Vtiger Crm

Published

2024-08-29

Updated

2025-03-11

CVE-2024-44777

CVSS v3.1

9.6

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions vTiger CRM version 7.4.0

Description A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. The vulnerability is exploited through the index page, specifically targeting the tag parameter.

Recommendations For vTiger CRM version 7.4.0, as a temporary workaround, consider restricting access to the index page or disabling the tag parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-44777

Affected Products

Vtiger Crm

PT-2024-31245 · Vtiger · Vtiger Crm

CVE-2024-44777

Weakness Enumeration

Related Identifiers

Affected Products

References · 8