PT-2024-31970 · Webkul · Webkul Krayin Crm

Avihay Eldad +1

Published 2024-09-27 · Updated 2024-10-02 · CVE-2024-46366

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Webkul Krayin CRM version 1.3.0

Description: A Client-side Template Injection (CSTI) vulnerability allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. When the payload is executed, this can lead to privilege escalation, granting the attacker elevated permissions within the CRM system.

Recommendations: For Webkul Krayin CRM version 1.3.0, consider disabling the lead creation process until a patch is available to prevent exploitation of the CSTI vulnerability. Restrict access to the CRM system to minimize the risk of privilege escalation. Avoid using the lead creation functionality affected by the template injection until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
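The following is an added illustration, not Krayin's code and not taken from this advisory, of how a client-side template injection of the kind described above arises and how it is fixed. The advisory does not name the template engine Krayin uses, so the example assumes a minimal engine in the style of many JavaScript view libraries; the engine itself, the lead field names (`title`, `owner`), the helper names (`renderTemplate`, `escapeHtml`, `hasTemplateDelimiters`) and the sample lead are all constructed for this illustration.

```javascript
// Added example, not Krayin's code: a tiny client-side template engine in the
// style of many JavaScript view libraries, used to show how a CSTI bug arises
// and how it is fixed. The engine, the lead fields and the sample data are all
// constructed for this illustration; the advisory does not name Krayin's engine.

// Renders "{{ expr }}" placeholders by evaluating expr as JavaScript with the
// keys of `data` in scope. Real engines compile templates much like this, so
// anything that reaches the template SOURCE is effectively code.
function renderTemplate(source, data) {
  const re = /\{\{\s*(.+?)\s*\}\}/g;
  const parts = [];
  let last = 0;
  let m;
  while ((m = re.exec(source)) !== null) {
    parts.push(JSON.stringify(source.slice(last, m.index)));
    parts.push(`String(${m[1]})`);
    last = re.lastIndex;
  }
  parts.push(JSON.stringify(source.slice(last)));
  const keys = Object.keys(data);
  const fn = new Function(...keys, `return ${parts.join(" + ")};`);
  return fn(...keys.map((k) => data[k]));
}

// Standard HTML escaping for text interpolated into markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// VULNERABLE pattern: the lead's title (user-controlled at lead creation) is
// spliced into the template source before compilation, so "{{ ... }}" inside
// the title is compiled and executed as template code in the viewer's browser.
function renderLeadCardVulnerable(lead) {
  const source =
    `<div class="lead"><h2>${lead.title}</h2><p>{{ owner }}</p></div>`;
  return renderTemplate(source, { owner: lead.owner });
}

// FIXED pattern: the template source is a constant; untrusted fields are
// passed as data and HTML-escaped on output, so they can neither be compiled
// as template code nor break out of the surrounding markup.
const LEAD_CARD_TEMPLATE =
  '<div class="lead"><h2>{{ esc(title) }}</h2><p>{{ esc(owner) }}</p></div>';

function renderLeadCardFixed(lead) {
  return renderTemplate(LEAD_CARD_TEMPLATE, {
    title: lead.title,
    owner: lead.owner,
    esc: escapeHtml,
  });
}

// Detection aid for defenders: flag stored lead fields that carry template
// delimiters so suspicious submissions can be logged or reviewed.
function hasTemplateDelimiters(value) {
  return /\{\{[\s\S]*?\}\}/.test(String(value));
}

// Constructed sample lead whose title carries the textbook "7*7" probe, which
// only shows whether template expressions are evaluated.
const sampleLead = { title: "{{ 7*7 }}", owner: "alice" };
console.log("vulnerable:", renderLeadCardVulnerable(sampleLead)); // "49" appears
console.log("fixed:     ", renderLeadCardFixed(sampleLead));      // literal text
console.log("flagged:   ", hasTemplateDelimiters(sampleLead.title));
```

The fix is structural rather than a filter: keeping the template source constant and binding user input only as data removes the injection point entirely, and output escaping covers the ordinary HTML injection case at the same time. The delimiter check is a detection signal for review or logging, not a substitute for that separation.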

Weakness Enumeration

Related Identifiers

CVE-2024-46366

Affected Products

Webkul Krayin Crm