Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
EspoCRM URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-24818) - Vulnerability Database

EspoCRM URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-24818)

Description

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.

References

CVE-2024-24818

Related Vulnerabilities

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275) Critical
Common tags: Missing Update Known Vulnerabilities
Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-10688) Medium
Common tags: Missing Update Known Vulnerabilities
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-10242) Medium
Common tags: Missing Update Known Vulnerabilities
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10243) Critical
Common tags: Missing Update Known Vulnerabilities
ownCloud Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-10252) High
Common tags: Missing Update Known Vulnerabilities

Severity

Medium

Classification

CVE-2024-24818
CWE-601
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Tags

Missing Update
Known Vulnerabilities