CVE-2025-70936

Name of the Vulnerable Software and Affected Versions Vtiger CRM version 8.4.0

Description A reflected cross-site scripting (XSS) issue exists in the MailManager module, where XSS is a type of attack that injects malicious scripts into a trusted website. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user session.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.