CVE-2024-24818
Published Mar 21, 2024
Last updated 8 months ago
Overview
- Description: EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject an arbitrary IP or domain into the "Password Change" page and redirect the victim to a malicious page, which could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 5.9
- Impact score: 4.7
- Exploitability score: 1.2
- Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
- Severity: MEDIUM
Weaknesses
- security-advisories@github.com: CWE-610