EspoCRM URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2024-24818 - Vulnerability Database

EspoCRM URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2024-24818

Medium

Reference: CVE-2024-24818

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-24818

Title: EspoCRM URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Overview:

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in quotPassword Changequot page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.