CVE-2024-24818

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-610
View all →

Vulnerability Description

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.

Related Vulnerabilities

CVE-2020-8226

MEDIUM
CVSS:5.8(Medium)

A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.

CWE-6102020

CVE-2024-7625

MEDIUM
CVSS:5.8(Medium)

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocatio...

CWE-6102024

CVE-2022-23439

MEDIUM
CVSS:6.1(Medium)

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version ...

CWE-6102022

CVE-2023-35838

MEDIUM
CVSS:5.7(Medium)

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversa...

CWE-6102023

CVE-2023-44209

MEDIUM
CVSS:5.6(Medium)

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.

CWE-6102023

CVE-2025-1225

MEDIUM
CVSS:6.3(Medium)

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse....

CWE-6102025