CNNVD-202506-3181 Information

CNNVD ID

CNNVD-202506-3181

Related CVE

CVE-2023-44915

• CNNVD Published: 2025-06-25

Description (Chinese)

c3crm是dfar2008个人开发者的一个CRM软件。 c3crm 3.0.4及之前版本存在安全漏洞，该漏洞源于组件/Login.php中login_error参数未经验证输入，可能导致跨站脚本攻击。

Description (English)

c3crm is a CRM software for dfar2008 personal developers. c3crm 3.0.4 and previous versions have a security loophole, which originates from unverified input of login error parameters in component/Login.php, which may result in a cross-site script attack.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

Live Support

Published

2025-06-25

Last Modified

2026-02-24

References

http://c3crm.com https://github.com/dfar2008/c3crm/tree/master/Login.php#L108 https://github.com/timosarkar/vulnerabilities/tree/main/CVE-2023-44915 https://access.redhat.com/security/cve/cve-2023-44915 https://nvd.nist.gov/vuln/detail/CVE-2023-44915