ГлавнаяУязвимости → CVE-2024-46367
9.6критическая

CVE-2024-46367

Описание

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.

Затрагиваемое ПО
Webkul Krayin crm
CVSS
Балл9.6 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Источники
https://gist.github.com/Tommywarren/4ac0c8f6e5d8584accd31b8277e55749