CVE-2025-45755
MEDIUMvtiger CRM Open Source Edition 8.3.0 - Stored Cross-Site Scripting via Services Import CSV
Title source: llmDescription
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution.
References (2)
Core 2
Core References
Scores
CVSS v3
6.1
EPSS
0.0025
EPSS Percentile
16.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
vtiger/vtiger_crm
8.3.0
Published
May 21, 2025
Tracked Since
Feb 18, 2026