CVE-2024-45932

4.8 MEDIUM

📋 TL;DR

Krayin CRM v1.3.0 contains a stored cross-site scripting (XSS) vulnerability in the organization name field of the contact management interface. A user who can create or edit an organization record can store a script payload in its name; the payload then executes in the browser of any administrator who views or edits that organization. Every deployment running the affected version is exposed, regardless of configuration.

💻 Affected Systems

Products:
  • Krayin CRM
Versions: v1.3.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

📦 What is this software?

Krayin CRM is an open-source customer relationship management application built by Webkul on the Laravel PHP framework.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker who plants a payload gets script execution in the administrator's browser: the script can perform CRM actions with the administrator's privileges (it can read the page's CSRF token and submit requests in the existing session), deface the interface, or redirect the administrator to a malicious site. Outright session cookie theft additionally requires the session cookie to lack the HttpOnly flag; Laravel, which Krayin is built on, sets HttpOnly by default, so in a default deployment the damage comes from actions driven through the victim's browser rather than from an exfiltrated cookie.

🟠 Likely Case

Attackers would typically use the administrator's authenticated session to gain persistent access to the CRM or to harvest the customer and deal data it holds.

🟢 If Mitigated

With server-side validation on input and HTML encoding at every point the name is rendered, the payload is displayed as literal text rather than executed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No (an authenticated account is required)
Complexity: LOW

Exploitation requires an account that can create or edit organization records, so some level of authenticated access is needed; the stored payload then fires against any administrator who views or edits that record.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch version is recorded here. Until a fixed release is installed, apply the same fix a patch would: HTML-encode the organization name at every point it is rendered (in Laravel Blade, {{ $value }} escapes output while {!! $value !!} emits it raw) and validate it server-side on both the create and edit paths. Output encoding is the control that actually closes the bug; input validation is defence in depth.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Add server-side validation that rejects any organization name containing '<' or '>' on both the create and edit paths. Treat this as a stopgap: blocklists that look only for a literal <script> tag are bypassed by event-handler payloads (<img src=x onerror=...>) or mixed case, and new validation does nothing for payloads already stored, so also audit existing organization names for markup.
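
The following harness is an added example, not Krayin's code, showing why a <script> blocklist is a weak workaround, why rejecting angle brackets is an acceptable stopgap, and why escaping at output is the durable fix. The validate and render functions are hypothetical stand-ins; Krayin's real validation rules and templates are not reproduced, and the "would execute" check is a crude regex oracle standing in for a browser.

```python
"""Added example (not Krayin's code): why a blocklist on the organization
name is a weak workaround, why rejecting angle brackets is a reasonable
stopgap, and why HTML-escaping at output is the durable fix.
The validate/render functions are hypothetical stand-ins; Krayin's real
validation rules and Blade templates are not reproduced here."""
import html
import re

# Constructed inputs: one benign name plus three payload shapes.
SAMPLES = {
    "benign": "Acme & Sons <Holdings>",
    "script_tag": "<script>alert('XSS')</script>",
    "event_handler": '<img src=x onerror="alert(1)">',
    "mixed_case": "<ScRiPt >alert(1)</ScRiPt >",
}

# Tags a payload would need to execute inside a table cell; used as a crude
# oracle for "would this run in a browser" without loading a page.
_LIVE_TAG = re.compile(r"<\s*(script|img|svg|iframe)\b", re.I)


def naive_reject(name: str) -> bool:
    """Blocklist that looks only for a literal <script> tag.
    Returns True when the name would be ACCEPTED."""
    return "<script>" not in name


def strict_validate(name: str) -> bool:
    """Stopgap rule: no '<' or '>' anywhere in an organization name.
    Returns True when accepted. It also rejects the benign bracketed name,
    which is the usability price of a character-level rule."""
    return re.search(r"[<>]", name) is None


def render_unsafe(name: str) -> str:
    """Template that emits the stored value raw: the vulnerable sink pattern."""
    return f"<td>{name}</td>"


def render_escaped(name: str) -> str:
    """Template that HTML-escapes at output time: the real fix."""
    return f"<td>{html.escape(name, quote=True)}</td>"


def would_execute(rendered: str) -> bool:
    """True if the rendered cell still contains an unescaped executable tag."""
    return _LIVE_TAG.search(rendered) is not None


def evaluate(name: str) -> dict:
    """Run one name through both validators and both renderers."""
    return {
        "naive_accepts": naive_reject(name),
        "strict_accepts": strict_validate(name),
        "unsafe_executes": would_execute(render_unsafe(name)),
        "escaped_executes": would_execute(render_escaped(name)),
    }


if __name__ == "__main__":
    for label, name in SAMPLES.items():
        print(f"{label:14} {evaluate(name)}")
```

Run it and the table makes the point: the naive blocklist accepts the event-handler and mixed-case payloads, both of which execute when rendered raw; the strict rule blocks every payload but also the benign name; escaping at output neutralises all four inputs without rejecting any of them.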

Content Security Policy

Platform: all

Serve a Content Security Policy that disallows inline script, so a stored payload cannot run even where it is rendered unescaped. The Apache directives below allow only same-origin scripts; because script-src 'self' also blocks every inline script and inline event handler, it may break parts of the admin UI that rely on inline script, so roll it out first as Content-Security-Policy-Report-Only, clear the reported violations, then enforce. CSP limits execution; it does not remove the stored payload from the database.

Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Header set X-Content-Type-Options "nosniff"

🧯 If You Can't Patch

  • Restrict the ability to create or edit organization records to trusted staff, and review records created by less-trusted accounts before administrators open them
  • Add web application firewall rules that block tags, javascript: URIs and on*= handlers in organization name submissions, matching on the URL-decoded value; WAF rules can be bypassed with encoding tricks and do not clean records already stored, so treat them as a speed bump rather than a fix

🔍 How to Verify

Check if Vulnerable:

In a non-production copy, or in a throwaway test organization you delete afterwards, enter <script>alert('XSS')</script> as the organization name, save it, then open the organization's list, view and edit pages as an administrator. If the alert fires, the instance is vulnerable. Also try an event-handler payload such as <img src=x onerror=alert(1)>, since a filter that only catches the literal script tag will pass it.

Check Version:

Check Krayin CRM version in admin panel or package.json file

Verify Fix Applied:

Repeat with the same payloads: no alert may fire on the list, view or edit pages, and the name must appear verbatim as text (view source should show &lt;script&gt; rather than <script>).

📡 Detection & Monitoring

Log Indicators:

  • Organization name values containing tags, javascript: URIs or on*= event handlers (check URL-decoded values; an encoded payload looks like %3Cscript%3E)
  • Repeated validation rejections on the organization name field, once server-side validation has been added

Network Indicators:

  • POST requests to /admin/contacts/organizations/edit/ (and to the corresponding create endpoint) whose name parameter contains tags or JavaScript, typically URL-encoded

SIEM Query:

Pseudo-query; translate it to your SIEM's syntax, match on the URL-decoded parameter value (the payload arrives as %3Cscript%3E, which a literal match on <script> misses), and extend the patterns to cover on*= handlers and other tags, not only script:

source="web_server" AND (uri="/admin/contacts/organizations/edit/" AND (param="name" CONTAINS "<script>" OR param="name" CONTAINS "javascript:"))
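
The detection logic the query above describes, as an added example (not Krayin's code and not output from any real SIEM), run over constructed log lines. It keeps POSTs to the organization endpoints, URL-decodes the name parameter repeatedly so double-encoded payloads are caught, and flags tag injection, javascript: URIs and inline event handlers. The JSON-per-request log format and the create path are assumptions; ordinary web-server access logs do not record POST bodies, so this needs WAF, reverse-proxy or application-level request logging to work in practice.

```python
"""Added example (not Krayin's code): detection over constructed log lines.
Parses one JSON event per request, keeps POSTs to the organization
endpoints, URL-decodes the name parameter (repeatedly, to catch double
encoding) and flags tag injection, javascript: URIs and on*= handlers.
The log format and the /create path are assumptions."""
import json
import re
from urllib.parse import unquote_plus

# Constructed sample events (not real Krayin or web-server output).
SAMPLE_LOG = """\
{"ts":"2024-09-12T10:01:02Z","method":"POST","uri":"/admin/contacts/organizations/edit/17","user":"admin","body":"name=Acme+Holdings&_token=abc"}
{"ts":"2024-09-12T10:03:14Z","method":"POST","uri":"/admin/contacts/organizations/edit/17","user":"admin","body":"name=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&_token=abc"}
{"ts":"2024-09-12T10:05:51Z","method":"POST","uri":"/admin/contacts/organizations/create","user":"sales1","body":"name=%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&_token=def"}
{"ts":"2024-09-12T10:07:09Z","method":"GET","uri":"/admin/contacts/organizations","user":"sales1","body":""}
{"ts":"2024-09-12T10:09:33Z","method":"POST","uri":"/admin/contacts/organizations/edit/18","user":"sales1","body":"name=Smith+%26+Sons&_token=def"}
{"ts":"2024-09-12T10:11:45Z","method":"POST","uri":"/admin/contacts/organizations/edit/19","user":"sales1","body":"name=%253Csvg%2520onload%253Dalert%25281%2529%253E&_token=def"}
"""

ORG_URI = re.compile(r"^/admin/contacts/organizations/")

XSS_PATTERNS = re.compile(
    r"<\s*(script|img|svg|iframe|object|embed)\b"  # tag injection
    r"|javascript\s*:"                             # javascript: URI scheme
    r"|\bon[a-z]+\s*=",                            # inline event handler
    re.I,
)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until stable (bounded), so %253C -> %3C -> < is caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def form_params(body: str) -> dict:
    """Split a urlencoded body ourselves; parse_qs would decode only once."""
    params = {}
    for pair in body.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = decode_fully(value)
    return params


def scan_log(text: str) -> list:
    """Return one hit per organization create/edit POST whose name looks like XSS."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event["method"] != "POST" or not ORG_URI.match(event["uri"]):
            continue
        name = form_params(event["body"]).get("name", "")
        match = XSS_PATTERNS.search(name)
        if match:
            hits.append({
                "ts": event["ts"],
                "user": event["user"],
                "uri": event["uri"],
                "name": name,
                "matched": match.group(0),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Against the sample, three of the five POSTs are flagged: the plain <script> payload, the <img onerror> payload that the page's own query would miss, and the double-encoded <svg onload> payload that only surfaces after the second decoding round. Tune the patterns against your own traffic before alerting on them; the event-handler branch in particular can match odd but legitimate names.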
