Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter

News

SBA Security Advisory – Vtiger CRM – Stored Cross-Site Scripting (CVE-2022-38335)

Vulnerability Overview

Vtiger CRM 7.4.0 or below is prone to a stored cross-site scripting vulnerability in the email templates module due to insufficient sanitizing.

  • Type of Vulnerability: Cross Site Scripting
  • CVE ID: CVE-2022-38335
  • CVSSv3.1 Vector: AV:N/AC:L/PR::/UI:R/S:C/C:H/I:L/A:N
  • CVSSv3.1 Base Score: 7.6 (High)

Links

Full Security Advisory

Credits