CVE-2023-44915 | THREATINT

Description

A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login_error parameter.

PUBLISHED Reserved 2023-10-02 | Published 2025-06-25 | Updated 2025-06-25 | Assigner mitre

References

c3crm.com

github.com/dfar2008/c3crm

github.com/dfar2008/c3crm/tree/master/Login.php

github.com/...arkar/vulnerabilities/tree/main/CVE-2023-44915

cve.org (CVE-2023-44915)

nvd.nist.gov (CVE-2023-44915)

Download JSON