← volver
CVE-2024-24818

EspoCRM weakness in "Forgot password"

CVSS 5.9 MEDIUMEPSS 0.6%CWE-610
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Productos afectados
espocrm · espocrm

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j