CVE-2022-38845: XSS
First published: Fri Sep 16 2022(Updated: )
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScripting in the browser.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EspoCRM | =7.1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-38845?
CVE-2022-38845 is a vulnerability in EspoCRM 7.1.8 that allows remote users to run malicious JavaScript in a victim's browser by sending a crafted CSV file containing the malicious code to an authenticated user.
How does CVE-2022-38845 affect EspoCRM?
CVE-2022-38845 affects EspoCRM 7.1.8, allowing remote users to execute malicious JavaScript in a victim's browser.
What is the severity of CVE-2022-38845?
CVE-2022-38845 has a severity level of medium with a CVSS score of 6.1.
How can I fix CVE-2022-38845 in EspoCRM?
To fix CVE-2022-38845 in EspoCRM, update to a version that includes a patch for this vulnerability.
What is the Common Weakness Enumeration (CWE) for CVE-2022-38845?
The Common Weakness Enumeration (CWE) for CVE-2022-38845 is CWE-79, which is a category for cross-site scripting vulnerabilities.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/espocrm
- canonical/espocrm
- version/espocrm/7.1.8