#Exploit Title: Vtiger CRM v8.2.0 – HTML Injection (Authenticated)
#Date: 12 September 2024
#Exploit Author: Okan Kurtulus
#Vendor Homepage: https://www.vtiger.com
#Version: v8.2.0
#Tested on: Ubuntu 22.04
#CVE: Not Yet
Proof of Concept:
After logging in as a registered user, it was observed that malicious HTML code can be injected into the ‘module’ parameter.
