Unrated severityNVD Advisory· Published Apr 14, 2025· Updated Apr 14, 2025
Webkul Krayin CRM SVG File edit cross site scripting
CVE-2025-3568
Description
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor prepares a fix for the next major release and explains that he does not think therefore that this should qualify for a CVE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.1.0+ 1 more
- (no CPE)range: <=2.1.0
- (no CPE)range: 2.0
Patches
Vulnerability mechanics
References
5- drive.google.com/file/d/1LMzZyCgloWquJRWzJAV2bpWMTuiMs6Xa/viewmitreexploit
- vuldb.commitrethird-party-advisory
- gist.github.com/shellkraft/a8b1f35d5c3ba313605065889563fb00mitrerelated
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entry
News mentions
0No linked articles in our index yet.