CVE-2025-3568

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-3568

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3568.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-3568

Published

2025-04-14T14:15:25Z

Modified

2025-06-27T11:04:17.078940Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor prepares a fix for the next major release and explains that he does not think therefore that this should qualify for a CVE.

References

Affected packages

Git / github.com/krayin/laravel-crm

Affected ranges

Type: GIT
Repo: https://github.com/krayin/laravel-crm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d62540f70c44846bfd76d4670ecf1ec556d19fa0

Last affected

da5d6e017f05f75a9563c9124ea61b879f7238f8

Affected versions

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0

v2.*

v2.0.0

v2.0.0-BETA-1

v2.0.1

v2.0.2

v2.0.4

v2.0.5

v2.0.6

v2.1.0