Packagist (Composer) package
yetiforce/yetiforce-crm
pkg:composer/yetiforce/yetiforce-crm
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-49508 | — | < 6.5.0 | 6.5.0 | Feb 16, 2024 | Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component. | ||
| CVE-2022-3002 | — | <= 6.4.0 | — | Oct 6, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||
| CVE-2022-3005 | — | <= 6.4.0 | — | Sep 20, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||
| CVE-2022-3004 | — | <= 6.4.0 | — | Sep 20, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||
| CVE-2022-3000 | — | <= 6.4.0 | — | Sep 20, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||
| CVE-2022-2924 | — | <= 6.4.0 | — | Sep 20, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3. | ||
| CVE-2022-2890 | — | < 6.4.0 | 6.4.0 | Aug 22, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||
| CVE-2022-1340 | — | < 6.4.0 | 6.4.0 | Aug 22, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||
| CVE-2022-2885 | — | < 6.4.0 | 6.4.0 | Aug 21, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||
| CVE-2022-1411 | — | < 6.4.0 | 6.4.0 | May 5, 2022 | Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's | ||
| CVE-2022-0269 | — | <= 6.3.0 | — | Jan 24, 2022 | Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0. | ||
| CVE-2021-4121 | — | <= 6.3.0 | — | Dec 16, 2021 | yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||
| CVE-2021-4117 | — | <= 6.3.0 | — | Dec 15, 2021 | yetiforcecrm is vulnerable to Business Logic Errors | ||
| CVE-2021-4116 | — | <= 6.3.0 | — | Dec 15, 2021 | yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||
| CVE-2021-4111 | — | <= 6.3.0 | — | Dec 15, 2021 | yetiforcecrm is vulnerable to Business Logic Errors | ||
| CVE-2021-4107 | — | <= 6.3.0 | — | Dec 14, 2021 | yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||
| CVE-2021-4092 | — | < 6.3.0 | 6.3.0 | Dec 11, 2021 | yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) |
- CVE-2023-49508Feb 16, 2024affected < 6.5.0fixed 6.5.0
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.
- CVE-2022-3002Oct 6, 2022affected <= 6.4.0
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-3005Sep 20, 2022affected <= 6.4.0
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-3004Sep 20, 2022affected <= 6.4.0
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-3000Sep 20, 2022affected <= 6.4.0
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-2924Sep 20, 2022affected <= 6.4.0
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.
- CVE-2022-2890Aug 22, 2022affected < 6.4.0fixed 6.4.0
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-1340Aug 22, 2022affected < 6.4.0fixed 6.4.0
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-2885Aug 21, 2022affected < 6.4.0fixed 6.4.0
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-1411May 5, 2022affected < 6.4.0fixed 6.4.0
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's
- CVE-2022-0269Jan 24, 2022affected <= 6.3.0
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
- CVE-2021-4121Dec 16, 2021affected <= 6.3.0
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-4117Dec 15, 2021affected <= 6.3.0
yetiforcecrm is vulnerable to Business Logic Errors
- CVE-2021-4116Dec 15, 2021affected <= 6.3.0
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-4111Dec 15, 2021affected <= 6.3.0
yetiforcecrm is vulnerable to Business Logic Errors
- CVE-2021-4107Dec 14, 2021affected <= 6.3.0
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-4092Dec 11, 2021affected < 6.3.0fixed 6.3.0
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)