An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03NHEyLTZqcDQtM3Jxcc4ABABh

Severity: Moderate
CVSS: 4.6
EPSS: 0.00032% (0.07513 Percentile)

Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name

Affected Package: packagist:krayin/laravel-crm
Affected Versions: <= 1.3.0
Fixed Versions: No known fixed version
2 Dependent packages
1 Dependent repositories
29,894 Downloads total

Affected Version Ranges

All affected versions

v1.0.0, v1.0.1, v1.1.0, v1.1.1, v1.1.2, v1.1.3, v1.2.0, v1.2.1, v1.2.2, v1.2.3, v1.2.4, v1.3.0

Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.

References: