Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-46366

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.

Published

2024-09-27T17:15:13.400

Last Modified

2025-07-09T17:57:50.767

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-1336

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webkul	krayin_crm	1.3.0	Yes

References

https://gist.github.com/Tommywarren/89cef7f876ee897a4ff40a8b71b6208e Third Party Advisory ([email protected])