EspoCRM is an open-source customer relationship management (CRM) application. An attacker can inject an arbitrary IP address or domain into the "Password Change" page and redirect the victim to a malicious page, which could lead to credential theft or another attack. This vulnerability is fixed in 8.1.2.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-02-29T15:17:16.859Z
Updated: 2024-02-29T15:17:16.859Z
Reserved: 2024-01-31T16:28:17.942Z
Link: CVE-2024-24818
NVD Information
Status: Awaiting Analysis
Published: 2024-03-21T02:52:12.073
Modified: 2024-03-21T12:58:51.093
Link: CVE-2024-24818