COOEY // HUBcompliance · community · intelligence

FAIL › dossier

vtiger crm product

· dossier confidence 50%

vTiger CRM is an open-source CRM platform with a recent critical security posture due to three independent reflected XSS vulnerabilities in version 7.4.0 that enable remote code execution.

3
failure events
0
zero-days
3
RCEs
0
on KEV
3
critical
50
worst shame

Profile

Category
Software
What they do
vTiger CRM is an open-source customer relationship management (CRM) solution providing tools for managing contacts, leads, and sales pipelines.
Website
https://www.vtiger.com

Security posture

Recent critical vulnerabilities in vTiger CRM 7.4.0 allow remote code execution via reflected XSS in tag, parent, and viewname parameters on the index page.

Notable failures
  • CVE-2024-44777: Reflected XSS RCE in tag parameter
  • CVE-2024-44778: Reflected XSS RCE in parent parameter
  • CVE-2024-44779: Reflected XSS RCE in viewname parameter
Patterns
Multiple reflected XSS RCEs in index page parameters

Failure history 3 events

DateEventSevFlagsShameSummary
2024-08-29 CVE-2024-44777 critical ⚡RCE 50 A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
2024-08-29 CVE-2024-44778 critical ⚡RCE 50 A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
2024-08-29 CVE-2024-44779 critical ⚡RCE 50 A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

Dossier sources

Open questions: vTiger CRM version 7.4.0 patch status · vTiger CRM adoption rate in defense-industrial-base (DIB) environments