CVE-2024-24818

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24818

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24818.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-24818

Aliases

BIT-espocrm-2024-24818

Related

GHSA-8gv6-8r33-fm7j

Published

2024-03-21T02:52:12Z

Modified

2025-01-08T15:56:55.249918Z

Summary

[none]

Details

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.

References

Affected packages

Git / github.com/espocrm/espocrm

Affected ranges

Type: GIT
Repo: https://github.com/espocrm/espocrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7

Fixed

3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

2.*

2.0.0

2.0.1

2.1.0

2.2.0

2.3.0

2.4.0

2.5.0

2.5.1

2.5.2

2.6.0

2.7.0

2.7.1

2.7.2

2.8.0

2.8.1

2.9.0

2.9.1

2.9.2

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.2.0

3.2.1

3.2.2

3.3.0

3.4.0

3.4.1

3.4.2

3.5.0

3.5.1

3.5.2

3.6.0

3.6.1

3.6.2

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0

3.9.0

3.9.1

3.9.2

4.*

4.0.0

4.0.0-beta.1

4.0.0-beta.2

4.0.0-beta.3

4.0.0-beta.4

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3.0

4.3.0-beta.1

4.3.0-beta.2

4.3.1

4.4.0

4.4.1

4.5.0

4.5.1

4.6.0

4.7.0

4.7.1

4.7.2

4.8.0

4.8.1

4.8.2

4.8.3

4.8.4

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.1.0

5.1.1

5.1.2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

5.4.5

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.6.0

5.6.1

5.6.10

5.6.11

5.6.12

5.6.13

5.6.14

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.6.8

5.6.9

5.7.0

5.7.1

5.7.10

5.7.11

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.8.0

5.8.1

5.8.2

5.8.3

5.8.4

5.8.5

5.9.0

5.9.1

5.9.2

5.9.3

5.9.4

6.*

6.0.0

6.0.0-beta1

6.0.0-beta2

6.0.0-beta3

6.0.0-beta4

6.0.1

6.0.10

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

6.1.0

6.1.1

6.1.10

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

7.*

7.0.0

7.0.1

7.0.10

7.0.2

7.0.3

7.0.4

7.0.5

7.0.6

7.0.7

7.0.8

7.0.9

7.1.0

7.1.1

7.1.10

7.1.11

7.1.2

7.1.3

7.1.4

7.1.5

7.1.6

7.1.7

7.1.8

7.1.9

7.2.0

7.2.1

7.2.2

7.2.3

7.2.4

7.2.5

7.2.6

7.2.7

7.3.0

7.3.1

7.3.2

7.3.3

7.3.4

7.4.0

7.4.1

7.4.2

7.4.3

7.4.4

7.4.5

7.4.6

7.5.0

7.5.1

7.5.2

7.5.3

7.5.4

7.5.5

7.5.6

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.1.0

8.1.1