Primary

Context

c3crm Cross-Site Scripting Vulnerability in Login Component

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in c3crm versions through 3.0.4. The issue resides in the Login.php component, where attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the login_error parameter.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the login endpoint of the c3crm application with a payload injected into the login_error parameter. This can be done using a web browser or a tool like Burp Suite to intercept and modify the request.

Added: Jun 25, 2025, 6:08 PM

Updated: Jun 25, 2025, 8:10 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.4

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.4

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

c3crm Cross-Site Scripting Vulnerability in Login Component

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating