Skip to main content

Vtiger Crm CVE-2022-38335

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-09-27 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 27, 2022 - 23:15 nvd
MEDIUM 5.4

DescriptionNVD

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.

AnalysisAI

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. Affected products include: Vtiger Vtiger Crm.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2014-2268 MEDIUM POC
5.0 Nov 16

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which all

CVE-2016-1713 HIGH POC
7.3 Apr 14

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger

CVE-2026-23697 HIGH POC
8.7 Jul 07

Remote code execution in Vtiger CRM before 8.4.0 lets an authenticated low-privileged user upload a malicious .phar file

CVE-2019-19202 HIGH POC
8.8 Nov 21

In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to c

CVE-2019-11057 HIGH POC
8.8 May 17

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL comma

CVE-2026-23698 HIGH POC
8.6 Jul 07

Authenticated remote code execution in Vtiger CRM through version 8.4.0 lets an administrator upload a crafted ZIP archi

CVE-2024-42995 HIGH POC
8.3 Aug 16

VTiger CRM <= 8.1.0 does not correctly check user privileges. Rated high severity (CVSS 8.3), this vulnerability is remo

CVE-2013-3213 HIGH POC
7.5 Apr 02

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL

CVE-2024-42994 HIGH POC
7.2 Aug 16

VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection

CVE-2019-5009 HIGH POC
7.2 Jan 04

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the upload

CVE-2014-2269 MEDIUM POC
6.4 Apr 22

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for

CVE-2012-4867 MEDIUM POC
5.0 Sep 06

Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote at

Share

CVE-2022-38335 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy