CRM Security Vulnerabilities

CVE-2020-28961
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name...
CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001 | Date: 2021-10-22 08:15 PM

CVE-2021-33849
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload...
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001 | Date: 2021-10-05 10:15 PM

CVE-2021-25956
In the "Dolibarr" application, v3.3.beta1_20121221 to v13.0.2 have "Modify" access for admin level users to change other users' details but fail to validate an already existing "Login" name while renaming the user "Login". This leads to complete account takeover of the victim user. This happens since...
CVSS: 7.2 | AI Score: 7 | EPSS: 0.001 | Date: 2021-08-17 03:15 PM

CVE-2021-2368
Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure). Supported versions that are affected are 21.5 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM...
CVSS: 5.9 | AI Score: 5.4 | EPSS: 0.002 | Date: 2021-07-21 03:15 PM

CVE-2021-33676
A missing authority check in SAP CRM, versions 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the...
CVSS: 7.2 | AI Score: 6.8 | EPSS: 0.001 | Date: 2021-07-14 12:15 PM

CVE-2020-22807
An issue was discovered in vtiger crm 7.2. Union sql injection in the calendar exportdata...
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.003 | Date: 2021-04-29 07:15 PM

CVE-2021-2251
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Data Source). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVSS: 8.1 | AI Score: 8.1 | EPSS: 0.001 | Date: 2021-04-22 10:15 PM

CVE-2021-2099
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM...
CVSS: 8.2 | AI Score: 8.4 | EPSS: 0.002 | Date: 2021-01-20 03:15 PM

CVE-2021-2085
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 8.2 | AI Score: 8.4 | EPSS: 0.002 | Date: 2021-01-20 03:15 PM

CVE-2021-2084
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 8.2 | AI Score: 8.4 | EPSS: 0.002 | Date: 2021-01-20 03:15 PM

CVE-2021-2092
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 8.2 | AI Score: 8.4 | EPSS: 0.002 | Date: 2021-01-20 03:15 PM

CVE-2020-19362
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web...
CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001 | Date: 2021-01-20 01:15 AM

CVE-2020-19363
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.002 | Date: 2021-01-20 01:15 AM

CVE-2020-35136
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to...
CVSS: 7.2 | AI Score: 6.9 | EPSS: 0.042 | Date: 2020-12-23 03:15 PM

CVE-2020-17006
Microsoft Dynamics 365 (on-premises) Cross-site Scripting...
CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001 | Date: 2020-11-11 07:15 AM

CVE-2020-14850
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 8.2 | AI Score: 8.3 | EPSS: 0.002 | Date: 2020-10-21 03:15 PM

CVE-2020-14823
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3 - 12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle CRM...
CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.001 | Date: 2020-10-21 03:15 PM

CVE-2020-14774
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.001 | Date: 2020-10-21 03:15 PM

CVE-2020-25375
Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field,...
CVSS: 5.4 | AI Score: 5.5 | EPSS: 0.001 | Date: 2020-09-14 04:15 PM

CVE-2020-13828
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...
CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.001 | Date: 2020-08-31 04:15 PM

CVE-2020-14679
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.001 | Date: 2020-07-15 06:15 PM

CVE-2020-14667
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM...
CVSS: 7.6 | AI Score: 7.7 | EPSS: 0.001 | Date: 2020-07-15 06:15 PM

CVE-2020-14661
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 4.7 | AI Score: 4.4 | EPSS: 0.001 | Date: 2020-07-15 06:15 PM

CVE-2020-14660
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 8.2 | AI Score: 8.3 | EPSS: 0.002 | Date: 2020-07-15 06:15 PM

CVE-2020-14657
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM...
CVSS: 7.6 | AI Score: 7.7 | EPSS: 0.001 | Date: 2020-07-15 06:15 PM

CVE-2020-14659
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 4.7 | AI Score: 4.4 | EPSS: 0.001 | Date: 2020-07-15 06:15 PM

CVE-2020-14599
Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVSS: 9.1 | AI Score: 8.5 | EPSS: 0.002 | Date: 2020-07-15 06:15 PM

CVE-2020-14598
Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVSS: 9.1 | AI Score: 8.5 | EPSS: 0.002 | Date: 2020-07-15 06:15 PM

CVE-2020-14475
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and...
CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001 | Date: 2020-06-19 05:15 PM

CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against...
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001 | Date: 2020-05-20 03:15 PM

CVE-2020-13239
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes...
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001 | Date: 2020-05-20 03:15 PM

CVE-2020-11823
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin...
CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.001 | Date: 2020-04-16 07:15 PM

CVE-2020-11825
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is that any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001 | Date: 2020-04-16 07:15 PM

CVE-2020-2886
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 4.7 | AI Score: 4.1 | EPSS: 0.001 | Date: 2020-04-15 02:15 PM

CVE-2020-2881
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical...
CVSS: 8.2 | AI Score: 8.2 | EPSS: 0.002 | Date: 2020-04-15 02:15 PM

CVE-2020-2889
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVSS: 5.3 | AI Score: 4.5 | EPSS: 0.001 | Date: 2020-04-15 02:15 PM

CVE-2020-2838
Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVSS: 8.6 | AI Score: 8 | EPSS: 0.002 | Date: 2020-04-15 02:15 PM

CVE-2020-6229
SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS)...
CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001 | Date: 2020-04-14 07:15 PM

CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer...
CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001 | Date: 2020-02-16 10:15 PM

CVE-2013-3591
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.959 | Date: 2020-02-07 03:15 PM

CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then...
CVSS: 8.8 | AI Score: 7.9 | EPSS: 0.018 | Date: 2020-02-06 02:15 PM

CVE-2013-3215
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession...
CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.173 | Date: 2020-01-29 06:15 PM

CVE-2013-3214
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in...
CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.85 | Date: 2020-01-28 09:15 PM

CVE-2013-3212
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allow remote attackers to view files and execute local script...
CVSS: 8.1 | AI Score: 8.5 | EPSS: 0.06 | Date: 2020-01-28 09:15 PM

CVE-2020-7994
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page;...
CVSS: 6.1 | AI Score: 6 | EPSS: 0.002 | Date: 2020-01-26 11:15 PM

CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP...
CVSS: 6.1 | AI Score: 5.8 | EPSS: 0.001 | Date: 2020-01-26 11:15 PM

CVE-2020-7995
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication...
CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.189 | Date: 2020-01-26 11:15 PM

CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.004 | Date: 2020-01-21 04:15 PM

CVE-2019-14766
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server...
CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.001 | Date: 2020-01-21 04:15 PM

CVE-2019-14765
Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative...
CVSS: 8.8 | AI Score: 8.4 | EPSS: 0.001 | Date: 2020-01-21 04:15 PM

Total number of security vulnerabilities: 428