VYPR

Espocrm

by Espocrm

Source repositories

CVEs (43)

  • CVE-2014-7986Oct 31, 2014
    risk 0.00cvss epss 0.03

    install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter.

  • CVE-2014-7985Oct 31, 2014
    risk 0.00cvss epss 0.05

    Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.

  • CVE-2014-8330Oct 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account.

Page 3 of 3