Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-46367

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.

Published

2024-09-27T17:15:13.487

Last Modified

2025-07-09T17:41:49.323

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webkul	krayin_crm	1.3.0	Yes

References

https://gist.github.com/Tommywarren/4ac0c8f6e5d8584accd31b8277e55749 Third Party Advisory ([email protected])