CVE-2024-44778

Name of the Vulnerable Software and Affected Versions vTiger CRM version 7.4.0

Description A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For vTiger CRM version 7.4.0, consider disabling access to the index page until a patch is available. Restrict the use of the parent parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.