FAIL › dossier
· dossier confidence 50%
vTiger CRM is an open-source CRM platform with a critical security posture due to multiple remote code execution vulnerabilities discovered in recent versions, including reflected XSS in version 7.4.0 and authenticated RCE via file upload in version 8.4.0.
vTiger CRM has a critical security posture with multiple remote code execution vulnerabilities discovered in recent versions, including reflected XSS in version 7.4.0 and authenticated RCE via file upload in version 8.4.0.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2024-08-29 | CVE-2024-44777 | critical | ⚡RCE | 50 | A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. |
| 2024-08-29 | CVE-2024-44778 | critical | ⚡RCE | 50 | A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. |
| 2024-08-29 | CVE-2024-44779 | critical | ⚡RCE | 50 | A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. |
Open questions: Exact founding date and headquarters location · Current version distribution and patching velocity