Vtiger CRM v8.2.0 – HTML Injection (Authenticated)

#Exploit Title: Vtiger CRM v8.2.0 – HTML Injection (Authenticated)

#Date: 12 September 2024

#Exploit Author: Okan Kurtulus

#Vendor Homepage: https://www.vtiger.com

#Version: v8.2.0

#Tested on: Ubuntu 22.04

#CVE: 2024-48119

Proof of Concept:

After logging in as a registered user, it was observed that malicious HTML code can be injected into the ‘module’ parameter.
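A detection check for the parameter named above, as an added example that is not part of the original advisory: it scans web access log lines for requests whose `module` value is not a plain identifier after percent-decoding. The log format, the request path, the sample lines and the identifier pattern for legitimate module names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate module names are plain identifiers (e.g. Contacts).
SAFE_MODULE = re.compile(r"^[A-Za-z0-9_]+$")
# Common/combined log format request field: "METHOD /path?query HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_module_values(log_lines):
    """Return (line_number, decoded_value) for each non-identifier 'module' value."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get("module", []):
            decoded = fully_decode(value)
            if not SAFE_MODULE.fullmatch(decoded):
                hits.append((number, decoded))
    return hits


# Constructed sample lines (not taken from a real system); the path is assumed.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Sep/2024:10:00:01 +0000] "GET /index.php?module=Contacts&view=List HTTP/1.1" 200 5120',
    '10.0.0.7 - - [12/Sep/2024:10:02:17 +0000] "GET /index.php?module=%3Ch1%3Etest%3C%2Fh1%3E&view=List HTTP/1.1" 200 4980',
    '10.0.0.7 - - [12/Sep/2024:10:03:40 +0000] "GET /index.php?module=%253Cb%253Ex%253C%252Fb%253E HTTP/1.1" 200 4975',
    '10.0.0.9 - - [12/Sep/2024:10:05:02 +0000] "GET /index.php?view=Login HTTP/1.1" 200 2301',
]

if __name__ == "__main__":
    for number, value in suspicious_module_values(SAMPLE_LOG):
        print(f"line {number}: module={value!r}")
```

Access logs normally record only the query string, so a `module` value sent in a POST body would need to be checked at the application or a reverse proxy instead.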
