SuiteCRM
by SalesAgility
Source repositories
CVEs (55)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-5353 | 0.00 | — | 0.01 | Oct 3, 2023 | Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. |
| CVE-2023-5351 | 0.00 | — | 0.00 | Oct 3, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. |
| CVE-2023-3627 | 0.00 | — | 0.00 | Jul 11, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. |
| CVE-2022-0754 | 0.00 | — | 0.01 | Mar 7, 2022 | SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. |
| CVE-2022-0756 | 0.00 | — | 0.01 | Mar 7, 2022 | Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. |
| CVE-2022-0755 | 0.00 | — | 0.01 | Mar 7, 2022 | Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. |
| CVE-2021-41595 | 0.00 | — | 0.02 | Oct 4, 2021 | SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. |
| CVE-2021-41869 | 0.00 | — | 0.02 | Oct 4, 2021 | SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. |
| CVE-2021-25960 | 0.00 | — | 0.01 | Sep 29, 2021 | In the SuiteCRM application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can use the Accounts module to inject payloads into the input fields. When an administrator access… |
| CVE-2021-25961 | 0.00 | — | 0.01 | Sep 29, 2021 | In the SuiteCRM application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that are associated with a deleted user id, which makes account takeover of any newly created user with the same user id possible. |
| CVE-2021-39268 | 0.00 | — | 0.01 | Aug 18, 2021 | Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed. |
| CVE-2021-31792 | 0.00 | — | 0.01 | Apr 30, 2021 | XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field. |
| CVE-2019-13335 | 0.00 | — | 0.01 | Oct 2, 2019 | SalesAgility SuiteCRM 7.10.x before 7.10.19 and 7.11.x before 7.11.7 has SSRF. |
| CVE-2018-20816 | 0.00 | — | 0.01 | Apr 5, 2019 | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a… |
| CVE-2019-6506 | 0.00 | — | 0.02 | Apr 2, 2019 | SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. |
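The affected-version ranges in the descriptions above mix "before X", "X.y.z through X.y.w" and per-branch constraints, so reading them by eye against an installed build is error-prone. The following matcher is an added example, not SalesAgility or SuiteCRM project code: the range table is transcribed from the CVE descriptions on this page (the boundaries are this editor's reading of that text), and the suitecrm-core entry is placed on the 8.x line on the assumption that that repository is the SuiteCRM 8 code base. Pre-release tags such as `7.11-beta` are ordered below the final release of the same number.

```python
# Added example (not SalesAgility/SuiteCRM code): check an installed SuiteCRM
# version string against the affected ranges listed in the CVE table above.
# Range boundaries are transcribed from the descriptions; "through" bounds are
# inclusive, "before"/"prior to" bounds are exclusive.
from __future__ import annotations


def parse_version(v: str) -> tuple[int, ...]:
    """'7.10.33' -> (7, 10, 33, 0); '7.11-beta' -> (7, 11, 0, -1).

    The trailing element makes a pre-release sort below the final release.
    """
    v = v.strip().lstrip("v")
    core, _, tag = v.partition("-")
    parts = [int(p) for p in core.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3]) + ((-1 if tag else 0),)


# (lower inclusive, upper exclusive); None = unbounded on that side.
AFFECTED: dict[str, list[tuple[str | None, str | None]]] = {
    "CVE-2023-5353": [(None, "7.14.1")],
    "CVE-2023-5351": [(None, "7.14.1")],
    "CVE-2023-3627": [("8.0.0", "8.3.1")],  # suitecrm-core: assumed to be the 8.x code base
    "CVE-2022-0754": [(None, "7.12.5")],
    "CVE-2022-0756": [(None, "7.12.5")],
    "CVE-2022-0755": [(None, "7.12.5")],
    "CVE-2021-41595": [("7.10.0", "7.10.33"), ("7.11.0", "7.11.22")],
    "CVE-2021-41869": [("7.10.0", "7.10.33"), ("7.11.0", "7.11.22")],
    "CVE-2021-25960": [("7.11.18", "7.11.20"), ("7.10.29", "7.10.32")],
    "CVE-2021-25961": [("7.1.7", "7.10.32"), ("7.11-beta", "7.11.21")],
    "CVE-2021-39268": [(None, "7.11.19")],
    "CVE-2021-31792": [(None, "7.11.19")],
    "CVE-2019-13335": [("7.10.0", "7.10.19"), ("7.11.0", "7.11.7")],
    "CVE-2018-20816": [("7.0.0", "7.8.24"), ("7.10.0", "7.10.11")],
    "CVE-2019-6506": [(None, "7.8.28"), ("7.9.0", "7.10.15"), ("7.11.0", "7.11.3")],
}


def in_range(version: str, low: str | None, high: str | None) -> bool:
    """True if low <= version < high, with None meaning no bound on that side."""
    v = parse_version(version)
    if low is not None and v < parse_version(low):
        return False
    if high is not None and v >= parse_version(high):
        return False
    return True


def affected_cves(version: str) -> list[str]:
    """Return the CVE IDs from the table whose affected ranges contain `version`."""
    return sorted(
        cve
        for cve, ranges in AFFECTED.items()
        if any(in_range(version, lo, hi) for lo, hi in ranges)
    )


if __name__ == "__main__":
    # Constructed sample versions; 7.10.32 sits one patch below the 7.10.33 fixes.
    for v in ("7.10.32", "7.11.19", "7.14.1", "8.3.0"):
        print(v, affected_cves(v))
```

Note that a build on the 7.10 branch is still matched by the unbranched "before 7.11.19" and "prior to 7.12.5" entries, which is how those descriptions are written; if you maintain a 7.10.x install, confirm against the vendor's release notes whether a given fix was backported rather than trusting a version comparison alone.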
Page 3 of 3