CVE-2024-54687
MEDIUMvtiger CRM < 6.1 - Stored Cross-Site Scripting via Documents Module File Upload
Title source: llmDescription
Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php.
References (2)
Core 2
Core References
Third Party Advisory
https://andrea0.medium.com
Exploit, Third Party Advisory
https://andrea0.medium.com/analysis-of-cve-2024-54687-9d82f4c0eaa8
Scores
CVSS v3
6.1
EPSS
0.0036
EPSS Percentile
27.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
vtiger/vtiger_crm
< 6.1
Published
Jan 10, 2025
Tracked Since
Feb 18, 2026