CRM
by Rukovoditel
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-54687 | | | 0.00 | — | 0.00 | | Jan 10, 2025 | Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. |
| CVE-2024-48119 | | | 0.00 | — | 0.00 | | Oct 14, 2024 | Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML. |
| CVE-2024-44779 | | | 0.00 | — | 0.01 | | Aug 29, 2024 | A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. |
| CVE-2024-42995 | | | 0.00 | — | 0.00 | | Aug 16, 2024 | VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. |
Page 2 of 2