CVE-2024-9030
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-9030 is a cross-site scripting vulnerability found in CodeCanyon CRMGo SaaS version 7.2, specifically affecting the code related to the endpoint /deal/{note_id}/note. This vulnerability allows remote attackers to manipulate the 'notes' argument, potentially leading to unauthorized actions or information leakage. The attack has been publicly disclosed, and its exploitability is considered medium with a CVSS score of 5.4, requiring low privileges and user interaction for execution. Organizations using this affected software should remediate the issue by applying available patches or updates from the vendor. Failure to address this vulnerability could result in partial integrity and confidentiality impacts within an organization's web applications.