Yetiforcecompany/yetiforcecrm

CVEs (17)

CVE	CVSS	Published	Description
CVE-2022-3002	—	Oct 6, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3005	—	Sep 20, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3004	—	Sep 20, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3000	—	Sep 20, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2924	—	Sep 20, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.
CVE-2022-2829	—	Aug 23, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2890	—	Aug 22, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1340	—	Aug 22, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2885	—	Aug 21, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1411	—	May 5, 2022	Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.
CVE-2022-0269	—	Jan 24, 2022	Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
CVE-2021-4121	—	Dec 16, 2021	yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4117	—	Dec 15, 2021	yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4116	—	Dec 15, 2021	yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4111	—	Dec 15, 2021	yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4107	—	Dec 14, 2021	yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4092	—	Dec 11, 2021	yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2022-3002Oct 6, 2022
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3005Sep 20, 2022
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3004Sep 20, 2022
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3000Sep 20, 2022
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2924Sep 20, 2022
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.
CVE-2022-2829Aug 23, 2022
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2890Aug 22, 2022
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1340Aug 22, 2022
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2885Aug 21, 2022
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1411May 5, 2022
risk 0.00cvss —epss 0.00
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.
CVE-2022-0269Jan 24, 2022
risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
CVE-2021-4121Dec 16, 2021
risk 0.00cvss —epss 0.00
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4117Dec 15, 2021
risk 0.00cvss —epss 0.00
yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4116Dec 15, 2021
risk 0.00cvss —epss 0.00
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4111Dec 15, 2021
risk 0.00cvss —epss 0.00
yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4107Dec 14, 2021
risk 0.00cvss —epss 0.00
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4092Dec 11, 2021
risk 0.00cvss —epss 0.00
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)