CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-46367

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.8%

CVSS Severity

CVSS v3 Score 9.6

References

https://gist.github.com/Tommywarren/4ac0c8f6e5d8584accd31b8277e55749

Products affected by CVE-2024-46367

Webkul » Krayin Crm » Version: 1.3.0

cpe:2.3:a:webkul:krayin_crm:1.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-46367

Products

Pricing

Contact Us