Suitecrm
by Salesagility
Source repositories
CVEs (55)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36418 | 0.00 | — | 0.01 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this… | |||
| CVE-2024-36417 | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this… | |||
| CVE-2024-36415 | 0.00 | — | 0.01 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||
| CVE-2024-36414 | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||
| CVE-2024-36413 | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||
| CVE-2024-36411 | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||
| CVE-2024-36410 | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||
| CVE-2024-36409 | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||
| CVE-2024-36408 | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||
| CVE-2024-36407 | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the… | |||
| CVE-2024-36406 | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||
| CVE-2023-6388 | 0.00 | — | 0.00 | Feb 7, 2024 | Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. | |||
| CVE-2023-47643 | 0.00 | — | 0.03 | Nov 21, 2023 | SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and… | |||
| CVE-2023-6131 | 0.00 | — | 0.01 | Nov 14, 2023 | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||
| CVE-2023-6130 | 0.00 | — | 0.01 | Nov 14, 2023 | Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||
| CVE-2023-6128 | 0.00 | — | 0.01 | Nov 14, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||
| CVE-2023-6127 | 0.00 | — | 0.00 | Nov 14, 2023 | Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||
| CVE-2023-6126 | 0.00 | — | 0.01 | Nov 14, 2023 | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||
| CVE-2023-6125 | 0.00 | — | 0.01 | Nov 14, 2023 | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||
| CVE-2023-6124 | 0.00 | — | 0.01 | Nov 14, 2023 | Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14. |
- CVE-2024-36418Jun 10, 2024risk 0.00cvss —epss 0.01
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this…
- CVE-2024-36417Jun 10, 2024risk 0.00cvss —epss 0.00
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this…
- CVE-2024-36415Jun 10, 2024risk 0.00cvss —epss 0.01
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- CVE-2024-36414Jun 10, 2024risk 0.00cvss —epss 0.00
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- CVE-2024-36413Jun 10, 2024risk 0.00cvss —epss 0.00
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- CVE-2024-36411Jun 10, 2024risk 0.00cvss —epss 0.00
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- CVE-2024-36410Jun 10, 2024risk 0.00cvss —epss 0.00
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- CVE-2024-36409Jun 10, 2024risk 0.00cvss —epss 0.00
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- CVE-2024-36408Jun 10, 2024risk 0.00cvss —epss 0.00
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- CVE-2024-36407Jun 10, 2024risk 0.00cvss —epss 0.00
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the…
- CVE-2024-36406Jun 10, 2024risk 0.00cvss —epss 0.00
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- CVE-2023-6388Feb 7, 2024risk 0.00cvss —epss 0.00
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.
- CVE-2023-47643Nov 21, 2023risk 0.00cvss —epss 0.03
SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and…
- CVE-2023-6131Nov 14, 2023risk 0.00cvss —epss 0.01
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
- CVE-2023-6130Nov 14, 2023risk 0.00cvss —epss 0.01
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
- CVE-2023-6128Nov 14, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
- CVE-2023-6127Nov 14, 2023risk 0.00cvss —epss 0.00
Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
- CVE-2023-6126Nov 14, 2023risk 0.00cvss —epss 0.01
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
- CVE-2023-6125Nov 14, 2023risk 0.00cvss —epss 0.01
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
- CVE-2023-6124Nov 14, 2023risk 0.00cvss —epss 0.01
Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.
Page 2 of 3