22 matches found
CVE-2026-3050
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
CVE-2026-3050
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
CVE-2026-3050
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
CVE-2026-3050
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
CVE-2026-3050 horilla-opensource horilla Leads global.js cross site scripting
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
CVE-2026-3050 horilla-opensource horilla Leads global.js cross site scripting
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
CVE-2026-3050
CVE-2026-3050 affects horilla-opensource horilla CRM up to version 1.0.2, specifically the Leads Module’s static/assets/js/global.js. A flaw in an unknown function allows manipulation of the Notes argument to trigger cross-site scripting (XSS) via a remote attack. An exploit has been published. R...
EUVD-2026-7444
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
Horilla 代码注入漏洞
Horilla is a free open-source human resources software developed by Horilla Company. Versions of Horilla 1.0.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in the Leads Module component file static/assets/js/global.js, whic...
PT-2026-21612
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
CVE-2025-14885
A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userleads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...
CVE-2025-14885 SourceCodester Client Database Management System Leads Generation user_leads.php unrestricted upload
A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userleads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...
EUVD-2011-4597
Malware in sbrugna...
CVE-2011-4679
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report...
Cross-Site Request Forgery (CSRF)
Description CSRF is still possible on the Leads module Detailed Video is attached Proof of concept. Tested from: Firefox URL of Demo : https://demo.corebos.com/index.php?module=Leads&action=index&record=&relmodule=Leads Proof of Concept Video Link : https://vimeo.com/732211543 Steps Involved 1...
SuiteCRM CSV Injection Vulnerability
SuiteCRM is a free open source customer relationship management application. A CSV injection vulnerability exists in SuiteCRM 7.11.13 and earlier versions. The vulnerability can be exploited to conduct CSV injection attacks via the registration field in the Accounts, Contacts, Opportunities, and...
SuiteCRM 安全漏洞
SuiteCRM is a free open source customer relationship management application. A CSV injection vulnerability exists in SuiteCRM 7.11.13 and earlier versions. The vulnerability can be exploited to conduct CSV injection attacks via the registration field in the Accounts, Contacts, Opportunities, and...
PT-2020-14342 · Salesagility · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.14 Description: The issue allows for CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. This occurs due to mishandling of these fields during a Download Import Fi...
Sql injection
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the 1 where and 2 order parameters in a getfulllist action to index.php...
CVE-2011-4679
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report...