Security Advisory

CVE-2025-70936

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-13 00:00:00

Last updated 2026-04-14 15:21:22

Assigner mitre

State PUBLISHED

Description

Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the _folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s session.

← Browse all CVEs View on cve.org ↗