Vendor CVEs
Salesagility
All CVEs
55 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2015-5946 | High | 0.51 | 7.8 | 0.02 | Aug 7, 2017 | Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. |
| CVE-2015-5948 | High | 0.46 | 8.1 | 0.04 | Sep 6, 2017 | Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. |
| CVE-2015-5947 | High | 0.46 | 8.1 | 0.03 | Sep 6, 2017 | SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. |
| CVE-2019-25664 | High | 0.39 | 7.1 | 0.00 | Apr 5, 2026 | SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the… |
| CVE-2019-25663 | High | 0.39 | 7.1 | 0.00 | Apr 5, 2026 | SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using… |
| CVE-2018-15606 | Medium | 0.33 | 6.1 | 0.01 | Sep 26, 2018 | An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing via an error message. |
| CVE-2024-36412 | — | 0.07 | — | 0.06 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36416 | — | 0.04 | — | 0.02 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2023-5350 | — | 0.03 | — | 0.02 | Oct 3, 2023 | SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. |
| CVE-2023-1034 | — | 0.02 | — | 0.28 | Feb 25, 2023 | Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. |
| CVE-2026-29109 | — | 0.00 | — | 0.00 | Mar 19, 2026 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator… |
| CVE-2022-50589 | — | 0.00 | — | 0.01 | Nov 6, 2025 | SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the `uid` parameter within the `export` functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code. |
| CVE-2024-50335 | — | 0.00 | — | 0.00 | Nov 5, 2024 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The "Publish Key" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject malicious JavaScript code. This… |
| CVE-2024-50333 | — | 0.00 | — | 0.00 | Nov 5, 2024 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language… |
| CVE-2024-50332 | — | 0.00 | — | 0.00 | Nov 5, 2024 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to… |
| CVE-2024-49774 | — | 0.00 | — | 0.00 | Nov 5, 2024 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on a blacklist of functions/methods to prevent installation of malicious MLPs, but these checks can be bypassed with some syntax constructions. SuiteCRM… |
| CVE-2024-49773 | — | 0.00 | — | 0.00 | Nov 5, 2024 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack. User-controlled input is used to build a SQL query. The `current_post` parameter in `export`… |
| CVE-2024-49772 | — | 0.00 | — | 0.00 | Nov 5, 2024 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM version 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database.… |
| CVE-2024-45392 | — | 0.00 | — | 0.00 | Sep 5, 2024 | SuiteCRM is an open-source customer relationship management (CRM) system. Prior to versions 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. |
| CVE-2024-36419 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the `/legacy` route. Version 8.6.1 contains a patch for the issue. |
| CVE-2024-36418 | — | 0.00 | — | 0.01 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this… |
| CVE-2024-36417 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this… |
| CVE-2024-36415 | — | 0.00 | — | 0.01 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36414 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36413 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36411 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36410 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36409 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36408 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36407 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset by an unauthenticated attacker. The attacker does not get access to the new password, but this can be annoying for the… |
| CVE-2024-36406 | — | 0.00 | — | 0.00 | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for an open redirect. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2023-6388 | — | 0.00 | — | 0.00 | Feb 7, 2024 | SuiteCRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. |
| CVE-2023-47643 | — | 0.00 | — | 0.03 | Nov 21, 2023 | SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, GraphQL introspection is enabled without authentication, exposing the schema defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and… |
| CVE-2023-6131 | — | 0.00 | — | 0.01 | Nov 14, 2023 | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. |
| CVE-2023-6130 | — | 0.00 | — | 0.01 | Nov 14, 2023 | Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. |
| CVE-2023-6128 | — | 0.00 | — | 0.01 | Nov 14, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. |
| CVE-2023-6127 | — | 0.00 | — | 0.00 | Nov 14, 2023 | Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. |
| CVE-2023-6126 | — | 0.00 | — | 0.01 | Nov 14, 2023 | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. |
| CVE-2023-6125 | — | 0.00 | — | 0.01 | Nov 14, 2023 | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. |
| CVE-2023-6124 | — | 0.00 | — | 0.01 | Nov 14, 2023 | Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. |
| CVE-2023-5353 | — | 0.00 | — | 0.01 | Oct 3, 2023 | Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. |
| CVE-2023-5351 | — | 0.00 | — | 0.00 | Oct 3, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. |
| CVE-2023-3627 | — | 0.00 | — | 0.00 | Jul 11, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. |
| CVE-2022-0754 | — | 0.00 | — | 0.01 | Mar 7, 2022 | SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. |
| CVE-2022-0755 | — | 0.00 | — | 0.01 | Mar 7, 2022 | Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. |
| CVE-2022-0756 | — | 0.00 | — | 0.01 | Mar 7, 2022 | Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. |
| CVE-2021-41595 | — | 0.00 | — | 0.02 | Oct 4, 2021 | SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. |
| CVE-2021-41869 | — | 0.00 | — | 0.02 | Oct 4, 2021 | SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. |
| CVE-2021-25960 | — | 0.00 | — | 0.01 | Sep 29, 2021 | In the "SuiteCRM" application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a "CSV Injection" vulnerability (Formula Injection). A low-privileged attacker can use the accounts module to inject payloads in the input fields. When an administrator access… |
| CVE-2021-25961 | — | 0.00 | — | 0.01 | Sep 29, 2021 | In the "SuiteCRM" application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that are associated with a deleted user ID, which makes account takeover of any newly created user with the same user ID possible. |
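Most rows above state their fix as "prior to versions 7.14.4 and 8.6.1", one fix release per maintained branch, and one row (CVE-2026-29109) states only an upper bound. The script below, added here as an example and not part of this listing or of SalesAgility's code, turns a transcribed subset of those statements into a version-triage check for a deployed SuiteCRM instance. The advisory entries are copied from the table; the branch-matching rule (compare against the fix on the deployed major.minor line when one exists, otherwise against the newest fix on the same major line, so that a branch the advisory does not mention, such as 7.13.x, is treated as affected) is this example's own assumption, since the descriptions do not say how unlisted branches are handled.

```python
"""Match a deployed SuiteCRM version against fixed-version data from the CVE table."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

Version = tuple[int, ...]


def parse_version(text: str) -> Version:
    """'7.14.4' -> (7, 14, 4); a missing patch level ('7.11') is padded with 0."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable SuiteCRM version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


@dataclass
class Advisory:
    cve: str
    summary: str
    # "Prior to versions X and Y" style: one fix release per maintained branch.
    fixed_in: list[str] = field(default_factory=list)
    # "Versions up to and including X" style: no fix release stated on the page.
    affected_through: str | None = None


# Transcribed from the table above (a constructed subset, not a complete feed).
ADVISORIES = [
    Advisory("CVE-2024-36412", "SQL injection in events response entry point", ["7.14.4", "8.6.1"]),
    Advisory("CVE-2024-45392", "missing access control on API record deletion", ["7.14.5", "8.6.2"]),
    Advisory("CVE-2024-50332", "blind SQL injection in DeleteRelationShip", ["7.14.6", "8.7.1"]),
    Advisory("CVE-2023-6131", "code injection", ["7.14.2", "7.12.14", "8.4.2"]),
    Advisory("CVE-2021-41595", "directory traversal via Step3 import file_name", ["7.10.33", "7.11.22"]),
    Advisory("CVE-2026-29109", "unsafe deserialization in SavedSearch filters", affected_through="8.9.2"),
]
BY_CVE = {a.cve: a for a in ADVISORIES}


def is_affected(version: str, adv: Advisory) -> bool:
    """Branch-aware comparison (an assumption of this example, not stated by the advisories):
    use the fix on the deployed major.minor line if one is listed; otherwise fall back to the
    newest fix on the same major line, so an unlisted branch such as 7.13.x counts as affected
    until it passes the newest 7.x fix; a version newer than every listed fix is clean."""
    v = parse_version(version)
    if adv.affected_through is not None:
        return v <= parse_version(adv.affected_through)
    fixes = [parse_version(f) for f in adv.fixed_in]
    same_branch = [f for f in fixes if f[:2] == v[:2]]
    if same_branch:
        return v < min(same_branch)
    same_major = [f for f in fixes if f[0] == v[0]]
    if same_major:
        return v < max(same_major)
    return v < max(fixes)


def triage(version: str) -> list[str]:
    """CVE IDs from ADVISORIES that still apply to the given deployed version."""
    return [a.cve for a in ADVISORIES if is_affected(version, a)]


if __name__ == "__main__":
    import sys

    deployed = sys.argv[1] if len(sys.argv) > 1 else "7.14.4"
    for cve in triage(deployed):
        print(f"{deployed}: {cve} ({BY_CVE[cve].summary})")
```

Run it as `python triage.py 7.14.4` (file name assumed). For 7.14.4 it reports CVE-2024-45392 and CVE-2024-50332 (fixed only in 7.14.5 and 7.14.6) plus CVE-2026-29109, and it correctly stays silent on CVE-2024-36412, whose fix landed in that exact release. Rows whose descriptions are truncated on this page should be checked against the full advisory before being added to the data; the `affected_through` bound for CVE-2026-29109 is taken literally, so every version at or below 8.9.2, including the 7.x line, is reported.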
Page 1 of 2