First published: Wed Jan 20 2021
Reflected XSS in Vtiger CRM v7.2.0, in vtigercrm/index.php through the view parameter, can allow an attacker to perform malicious actions against users who open a maliciously crafted link or third-party web page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Vtiger Vtiger Crm | =7.2.0 | |
The vulnerability ID is CVE-2020-19362.
The severity of CVE-2020-19362 is medium (6.1).
The affected software for CVE-2020-19362 is Vtiger CRM version 7.2.0.
An attacker can exploit CVE-2020-19362 by tricking users into opening a maliciously crafted link or third-party web page that triggers a reflected XSS attack in Vtiger CRM.
References for CVE-2020-19362: [https://emreovunc.com/blog/en/vtiger_crm_xss_03.png](https://emreovunc.com/blog/en/vtiger_crm_xss_03.png) and [https://github.com/EmreOvunc/Vtiger-CRM-Vulnerabilities/](https://github.com/EmreOvunc/Vtiger-CRM-Vulnerabilities/).