A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to SQL injection. The attack...
9.8 CVSS
9.7 AI Score
0.001 EPSS
Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email...
9.8 CVSS
9.8 AI Score
0.001 EPSS
SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the...
6.1 CVSS
6 AI Score
0.001 EPSS
A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public....
5.4 CVSS
5.3 AI Score
0.001 EPSS
SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site...
6.1 CVSS
5.9 AI Score
0.001 EPSS
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)...
5.4 CVSS
5.2 AI Score
0.001 EPSS
SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to....
5.4 CVSS
5.3 AI Score
0.001 EPSS
In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform....
6.3 CVSS
6.4 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update...
9.8 CVSS
9.7 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the contact parameter in the user profile update...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the address parameter in the user profile update...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the company parameter in the user profile update...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the query parameter in the user profile update...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the gender parameter in the user profile update...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration...
5.4 CVSS
5.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin...
8.8 CVSS
8.9 AI Score
0.001 EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to SQL injection. It is possible to initiate the attack...
9.8 CVSS
9.7 AI Score
0.001 EPSS
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the...
5.4 CVSS
5.2 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to...
5.4 CVSS
5.2 AI Score
0.001 EPSS
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified...
8 AI Score
0.042 EPSS
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified...
7.9 AI Score
0.01 EPSS
Unspecified vulnerability in Oracle PeopleSoft Enterprise CRM 8.9 Bundle #41 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order...
5.4 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to...
5.4 CVSS
5.2 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to...
5.4 CVSS
5.2 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to...
5.4 CVSS
5.2 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to...
5.4 CVSS
5.2 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to...
5.4 CVSS
5.3 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to...
5.4 CVSS
5.2 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to...
5.4 CVSS
5.3 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to...
4.8 CVSS
4.9 AI Score
0.001 EPSS
Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...
6.1 CVSS
6.2 AI Score
0.001 EPSS
8 CVSS
7.8 AI Score
0.001 EPSS
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1 CVSS
6.1 AI Score
0.001 EPSS
4.3 CVSS
4.4 AI Score
0.001 EPSS
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site...
5.4 CVSS
5.3 AI Score
0.001 EPSS
4.3 CVSS
4.5 AI Score
0.001 EPSS
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1 CVSS
6.2 AI Score
0.001 EPSS
4.3 CVSS
4.5 AI Score
0.001 EPSS
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in...
9.8 CVSS
9.8 AI Score
0.007 EPSS
A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary PHP file....
8.8 CVSS
8.5 AI Score
0.003 EPSS
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration...
3.3 CVSS
3.8 AI Score
0.0004 EPSS
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the...
7.2 CVSS
6.8 AI Score
0.001 EPSS
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle....
8.2 CVSS
8.3 AI Score
0.002 EPSS
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3 - 12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle CRM...
6.5 CVSS
6.5 AI Score
0.001 EPSS
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
7.5 CVSS
7.3 AI Score
0.001 EPSS