CVE-2024-45932 – krayin/laravel-crm
Package
Manager: composer
Name: krayin/laravel-crm
Vulnerable Version: >=0 <=1.3.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
EPSS: 0.00032 (percentile 0.07674)
Details
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in `/admin/contacts/organizations/edit/2`.
Metadata
Created: 2024-10-07T18:31:07Z
Modified: 2024-10-07T19:27:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-74q2-6jp4-3rqq/GHSA-74q2-6jp4-3rqq.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-74q2-6jp4-3rqq
Finding: F425
Auto approve: 1