VYPR

Vendor CVEs

Salesagility

All CVEs

55 total · sorted by risk
  • CVE-2021-39268Aug 18, 2021
    risk 0.00cvss epss 0.01

    Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed.

  • CVE-2021-31792Apr 30, 2021
    risk 0.00cvss epss 0.01

    XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field

  • CVE-2019-13335Oct 2, 2019
    risk 0.00cvss epss 0.01

    SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.

  • CVE-2018-20816Apr 5, 2019
    risk 0.00cvss epss 0.01

    An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a…

  • CVE-2019-6506Apr 2, 2019
    risk 0.00cvss epss 0.02

    SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.

Page 2 of 2