VYPR

Cremecrm

by Cremeframework

CVEs (3)

  • CVE-2018-14398MedSep 7, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials.

  • CVE-2018-9283MedSep 7, 2018
    risk 0.35cvss 5.4epss 0.01

    An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address,…

  • CVE-2018-14397MedSep 7, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department,…