CVE-2023-44915

Name of the Vulnerable Software and Affected Versions: c3crm versions up to 3.0.4

Description: A cross-site scripting (XSS) issue in the /Login.php component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login error parameter. This enables attackers to potentially steal user data or take control of user sessions.

Recommendations: For versions up to 3.0.4, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the /Login.php component to minimize the risk of exploitation. Avoid using the login error parameter in the affected /Login.php component until the issue is resolved.