PT-2024-39375 · Unknown · Crmgo Saas

Jobyer Ahmed +1 · Published 2024-09-20 · Updated 2024-09-25 · CVE-2024-9031

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: CodeCanyon CRMGo SaaS versions up to 7.2
Description: A problematic issue has been found in the software, affecting some unknown processing of the file "/project/task/{task id}/show". The manipulation of the comment argument leads to cross-site scripting. The attack may be initiated remotely.
Recommendations: For versions up to 7.2, consider disabling access to the "/project/task/{task id}/show" endpoint until a patch is available. Restrict the use of the comment argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit · Fix · XSS

Related Identifiers: CVE-2024-9031

Affected Products: Crmgo Saas