Details of VAR-202209-1780

Sign-up

ID

VAR-202209-1780

CVE

CVE-2022-38335

TITLE

Vtiger of Vtiger CRM Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-017911

DESCRIPTION

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules

Trust: 1.71

sources: NVD: CVE-2022-38335 // JVNDB: JVNDB-2022-017911 // VULHUB: VHN-434134

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	lte	version:	7.4.0	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	lte	version:	7.4.0 and earlier	Trust: 0.8
vendor:	vtiger	model:	crm	scope:	eq	version:	-	Trust: 0.8
vendor:	vtiger	model:	crm	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-017911 // NVD: CVE-2022-38335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-38335
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-38335
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-38335
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202209-2770
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-38335
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 2.0
NVD:	CVE-2022-38335
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-017911 // CNNVD: CNNVD-202209-2770 // NVD: CVE-2022-38335 // NVD: CVE-2022-38335

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-434134 // JVNDB: JVNDB-2022-017911 // NVD: CVE-2022-38335

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-2770

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202209-2770

EXTERNAL IDS

db:	NVD	id:	CVE-2022-38335	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-017911	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-2770	Trust: 0.6
db:	VULHUB	id:	VHN-434134	Trust: 0.1

sources: VULHUB: VHN-434134 // JVNDB: JVNDB-2022-017911 // CNNVD: CNNVD-202209-2770 // NVD: CVE-2022-38335

REFERENCES

url:	https://code.vtiger.com/vtiger/vtigercrm	Trust: 2.5
url:	https://github.com/sbaresearch/advisories/tree/public/2022/sba-adv-20220328-01_vtiger_crm_stored_cross-site_scripting	Trust: 2.5
url:	https://www.vtiger.com/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-38335	Trust: 0.8
url:	https://vigilance.fr/vulnerability/vtiger-crm-cross-site-scripting-via-email-templates-module-39378	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-38335/	Trust: 0.6

sources: VULHUB: VHN-434134 // JVNDB: JVNDB-2022-017911 // CNNVD: CNNVD-202209-2770 // NVD: CVE-2022-38335

SOURCES

db:	VULHUB	id:	VHN-434134
db:	JVNDB	id:	JVNDB-2022-017911
db:	CNNVD	id:	CNNVD-202209-2770
db:	NVD	id:	CVE-2022-38335

LAST UPDATE DATE

2025-05-22T22:44:49.464000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-434134	date:	2022-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-017911	date:	2023-10-17T08:04:00
db:	CNNVD	id:	CNNVD-202209-2770	date:	2022-09-30T00:00:00
db:	NVD	id:	CVE-2022-38335	date:	2025-05-21T15:15:57.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-434134	date:	2022-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-017911	date:	2023-10-17T00:00:00
db:	CNNVD	id:	CNNVD-202209-2770	date:	2022-09-27T00:00:00
db:	NVD	id:	CVE-2022-38335	date:	2022-09-27T23:15:15.120