Vendor CVEs
Salesagility
All CVEs
55 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-39268 | 0.00 | — | 0.01 | Aug 18, 2021 | Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed. |
| CVE-2021-31792 | 0.00 | — | 0.01 | Apr 30, 2021 | XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field. |
| CVE-2019-13335 | 0.00 | — | 0.01 | Oct 2, 2019 | SalesAgility SuiteCRM 7.10.x before 7.10.19 and 7.11.x before 7.11.7 has SSRF. |
| CVE-2018-20816 | 0.00 | — | 0.01 | Apr 5, 2019 | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a… |
| CVE-2019-6506 | 0.00 | — | 0.02 | Apr 2, 2019 | SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. |