{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T05:46:04.705","vulnerabilities":[{"cve":{"id":"CVE-2024-24818","sourceIdentifier":"security-advisories@github.com","published":"2024-03-21T02:52:12.073","lastModified":"2025-06-27T14:35:32.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in \"Password Change\" page and redirect victim to malicious page that could lead to  credential stealing or another attack. This vulnerability is fixed in 8.1.2."},{"lang":"es","value":"EspoCRM es un software de gestión de relaciones con el cliente de código abierto. Un atacante puede inyectar una dirección IP o un dominio arbitrario en la página \"Cambio de contraseña\" y redirigir a la víctima a una página maliciosa que podría provocar el robo de credenciales u otro ataque. Esta vulnerabilidad se soluciona en 8.1.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-610"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*","versionEndExcluding":"8.1.2","matchCriteriaId":"4B720403-FE53-4C66-BA6A-BC535A68FA6B"}]}]}],"references":[{"url":"https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}