4 matches found
PT-2023-27825 · F-Revocrm · F-Revocrm
Name of the Vulnerable Software and Affected Versions: F-RevoCRM versions 7.3.0 through 7.3.7
Description: The issue is a cross-site scripting vulnerability. If exploited, it allows an arbitrary script to be executed on the web browser of the user using the product.
Recommendations: For versions...
PT-2023-27823 · F-Revocrm · F-Revocrm
Name of the Vulnerable Software and Affected Versions: F-RevoCRM versions 7.3.7 through 7.3.8
Description: The issue is an OS command injection vulnerability. If exploited, an attacker with access to the product may execute an arbitrary OS command on the server where the product is running...
Multiple vulnerabilities in F-RevoCRM
Overview
F-RevoCRM provided by ThinkingReed inc. contains multiple vulnerabilities listed below.
OS Command Injection CWE-78 - CVE-2023-41149
Cross-site scripting vulnerability CWE-79 - CVE-2023-41150
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/...
F-RevoCRM Cross-Site Scripting Vulnerability
Thinkreed F-RevoCRM is an open source customer relationship management software from Thinkreed Japan. A security vulnerability exists in F-RevoCRM that stems from F-RevoCRM allowing cross-site scripting...