CVE-2024-45932: Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name

October 7, 2024

Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.

References

github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Laravel%20CRM%20v1.3.0/CVE-2024-45932.md
github.com/advisories/GHSA-74q2-6jp4-3rqq
github.com/krayin/laravel-crm
krayincrm.com/
nvd.nist.gov/vuln/detail/CVE-2024-45932

Detect and mitigate CVE-2024-45932 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →