VYPR

CRM

by Rukovoditel

CVEs (24)

  • CVE-2024-54687Jan 10, 2025
    risk 0.00cvss epss 0.00

    Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php.

  • CVE-2024-48119Oct 14, 2024
    risk 0.00cvss epss 0.00

    Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.

  • CVE-2024-44779Aug 29, 2024
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

  • CVE-2024-42995Aug 16, 2024
    risk 0.00cvss epss 0.00

    VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.

Page 2 of 2