FAIL › dossier
· dossier confidence 50%
vTiger CRM is an open-source CRM platform with a recent critical security posture due to three independent reflected XSS vulnerabilities in version 7.4.0 that enable remote code execution.
Recent critical vulnerabilities in vTiger CRM 7.4.0 allow remote code execution via reflected XSS in tag, parent, and viewname parameters on the index page.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2024-08-29 | CVE-2024-44777 | critical | ⚡RCE | 50 | A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. |
| 2024-08-29 | CVE-2024-44778 | critical | ⚡RCE | 50 | A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. |
| 2024-08-29 | CVE-2024-44779 | critical | ⚡RCE | 50 | A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. |
Open questions: vTiger CRM version 7.4.0 patch status · vTiger CRM adoption rate in defense-industrial-base (DIB) environments