{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T23:18:31.964","vulnerabilities":[{"cve":{"id":"CVE-2025-45755","sourceIdentifier":"cve@mitre.org","published":"2025-05-21T20:15:32.227","lastModified":"2025-06-10T19:34:54.193","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution."},{"lang":"es","value":"Existe una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en Vtiger CRM Open Source Edition v8.3.0, explotable mediante la función de importación de servicios. Un atacante puede crear un archivo CSV malicioso que contenga un payload XSS, asignada al campo \"Nombre del servicio\". Al cargar el archivo, la aplicación depura incorrectamente la entrada del usuario, lo que provoca la ejecución persistente del script."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vtiger:vtiger_crm:8.3.0:*:*:*:*:*:*:*","matchCriteriaId":"031C0516-9769-485B-8632-F97CC5E45BEA"}]}]}],"references":[{"url":"https://www.simonjuguna.com/cve-2025-45755-stored-cross-site-scripting-xss-vulnerability-in-vtiger-open-source-edition-v8-3-0/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.vtiger.com/open-source-crm/","source":"cve@mitre.org","tags":["Product"]},{"url":"https://www.simonjuguna.com/cve-2025-45755-stored-cross-site-scripting-xss-vulnerability-in-vtiger-open-source-edition-v8-3-0/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}}]}