Vulnerability Details CVE-2024-46366
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.8%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-46366
-
cpe:2.3:a:webkul:krayin_crm:1.3.0