CVE-2024-44777

CRITICAL

vtiger CRM 7.4.0 - Reflected Cross-Site Scripting via Tag Parameter

Title source: llm
STIX 2.1

Description

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

References (2)

Core 2

Scores

CVSS v3 9.6
EPSS 0.0068
EPSS Percentile 48.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
vtiger/vtiger_crm 7.4.0
Published Aug 29, 2024
Tracked Since Feb 18, 2026