Amocrm
by Amocrm
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-28870 | Med | 0.42 | 6.5 | 0.00 | Mar 11, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in amocrm amoCRM WebForm amocrm-webform allows DOM-Based XSS.This issue affects amoCRM WebForm: from n/a through <= 1.1. | ||
| CVE-2025-9628 | Med | 0.28 | 4.3 | 0.00 | Sep 11, 2025 | The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settings_page function. This makes it possible for unauthenticated… | ||
| CVE-2015-7304 | 0.00 | — | 0.01 | Sep 21, 2015 | Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. |
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in amocrm amoCRM WebForm amocrm-webform allows DOM-Based XSS.This issue affects amoCRM WebForm: from n/a through <= 1.1.
- risk 0.28cvss 4.3epss 0.00
The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settings_page function. This makes it possible for unauthenticated…
- CVE-2015-7304Sep 21, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data.