CVE-2024-9031

Summary

CVE-2024-9031 is a cross-site scripting vulnerability found in CodeCanyon CRMGo SaaS versions up to 7.2, specifically affecting the processing of the file /project/task/{task_id}/show. The vulnerability can be exploited remotely by manipulating the comment argument, posing a medium-level threat with a CVSS base score of 5.4 and an exploitability score of 2.3. It requires low privileges and user interaction to successfully execute an attack, which could impact the integrity and confidentiality of data within affected systems. Remediation involves updating to a patched version of CRMGo SaaS to prevent potential exploitation. Organizations utilizing affected products should act promptly to mitigate risks associated with this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.