Small CRM
by Phpgurukul
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-45394 | 0.00 | — | 0.00 | Oct 20, 2023 | Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover. | |||
| CVE-2023-43331 | 0.00 | — | 0.00 | Sep 26, 2023 | A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||
| CVE-2023-34650 | 0.00 | — | 0.00 | Jun 28, 2023 | PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). | |||
| CVE-2022-47073 | 0.00 | — | 0.01 | Jan 25, 2023 | A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. | |||
| CVE-2020-5511 | 0.00 | — | 0.02 | Jan 8, 2020 | PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. |
- CVE-2023-45394Oct 20, 2023risk 0.00cvss —epss 0.00
Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover.
- CVE-2023-43331Sep 26, 2023risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
- CVE-2023-34650Jun 28, 2023risk 0.00cvss —epss 0.00
PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).
- CVE-2022-47073Jan 25, 2023risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.
- CVE-2020-5511Jan 8, 2020risk 0.00cvss —epss 0.02
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.
Page 2 of 2