PT-2024-31247 · Unknown · Vtiger Crm

Published: 2024-08-29 · Updated: 2025-03-11 · CVE-2024-44779

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

vTiger CRM version 7.4.0

Description

A reflected cross-site scripting (XSS) issue in the viewname parameter of the index page allows attackers to execute arbitrary code in the context of a user's browser by injecting a specially crafted payload.

Recommendations

For vTiger CRM version 7.4.0, consider disabling access to the index page or restricting the use of the viewname parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-44779

Affected Products

Vtiger Crm