PT-2024-31971 · Webkul · Webkul Krayin Crm

Avihay Eldad +1 · Published 2024-09-27 · Updated 2025-07-09 · CVE-2024-46367

CVSS v3.1: 9.6 Critical

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Webkul Krayin CRM version 1.3.0

Description

A Stored Cross-Site Scripting (XSS) issue allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.

Recommendations

For Webkul Krayin CRM version 1.3.0, consider disabling the submission of user input in the username field until a patch is available to prevent the injection of malicious JavaScript code. Restrict access to sensitive areas of the CRM system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

LPE

XSS

Related Identifiers

CVE-2024-46367

Affected Products

Webkul Krayin Crm