exploitDog

CVE-2022-38335

Опубликовано: 27 сент. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.

Ссылки

https://code.vtiger.com/vtiger/vtigercrm
Vendor Advisory
https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220328-01_Vtiger_CRM_Stored_Cross-Site_Scripting
Exploit
Third Party Advisory
https://www.vtiger.com/
Product
https://code.vtiger.com/vtiger/vtigercrm
Vendor Advisory
https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220328-01_Vtiger_CRM_Stored_Cross-Site_Scripting
Exploit
Third Party Advisory
https://www.vtiger.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*

Версия до 7.4.0 (включая)

EPSS

Процентиль: 66%

0.00507

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-qww5-j4p3-7mj5

CVSS3: 5.4

github

больше 3 лет назад

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.

EPSS

Процентиль: 66%

0.00507

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79