GHSA-74q2-6jp4-3rqq

Source

https://github.com/advisories/GHSA-74q2-6jp4-3rqq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-74q2-6jp4-3rqq/GHSA-74q2-6jp4-3rqq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-74q2-6jp4-3rqq

Aliases

CVE-2024-45932

Published

2024-10-07T18:31:07Z

Modified

2024-10-07T19:42:09.927685Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
4.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name

Details

Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.

Database specific

{
    "nvd_published_at": "2024-10-07T16:15:05Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-07T19:27:13Z"
}

References

Affected packages

Packagist / krayin/laravel-crm

Package

Name: krayin/laravel-crm
Purl: pkg:composer/krayin/laravel-crm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.3.0

Affected versions

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0