Vulnerability Database

319,590

Total vulnerabilities in the database

CVE-2024-24818

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.

Published: Mar 21, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-24818
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

CWEs:

CWE-601
CWE-610

Affected Software
References

Software	From	Fixed in
espocrm / espocrm	-	8.1.2

https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7
https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo