VYPR

vtenext - Holistic CRM (CRM + BPM + AI)

by Vtecrm

CVEs (3)

  • CVE-2020-10229HigSep 14, 2020
    risk 0.57cvss 8.8epss 0.01

    A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.

  • CVE-2020-10228HigSep 14, 2020
    risk 0.57cvss 8.8epss 0.03

    A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.

  • CVE-2020-10227MedSep 14, 2020
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.