CVE-2025-45755

{"id": "CVE-2025-45755", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-05-21T20:15:32.227", "references": [{"url": "https://www.simonjuguna.com/cve-2025-45755-stored-cross-site-scripting-xss-vulnerability-in-vtiger-open-source-edition-v8-3-0/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.vtiger.com/open-source-crm/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.simonjuguna.com/cve-2025-45755-stored-cross-site-scripting-xss-vulnerability-in-vtiger-open-source-edition-v8-3-0/", "tags": ["Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en Vtiger CRM Open Source Edition v8.3.0, explotable mediante la funci\u00f3n de importaci\u00f3n de servicios. Un atacante puede crear un archivo CSV malicioso que contenga un payload XSS, asignada al campo \"Nombre del servicio\". Al cargar el archivo, la aplicaci\u00f3n depura incorrectamente la entrada del usuario, lo que provoca la ejecuci\u00f3n persistente del script."}], "lastModified": "2025-06-10T19:34:54.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vtiger:vtiger_crm:8.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "031C0516-9769-485B-8632-F97CC5E45BEA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}