20 matches found
CVE-2025-70936
Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
EUVD-2025-209429
Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
CVE-2025-70936
Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
Vtiger CRM Security Vulnerability
Vtiger CRM is a customer relationship management system developed by Vtiger Corporation in the United States, based on SugarCRM. This system provides functions for managing, collecting, and analyzing customer information. Version Vtiger CRM 8.4.0 has a security vulnerability, which stems from...
CVE-2025-70936
Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
CVE-2025-70936
Vtiger CRM 8.4.0 is affected by a reflected XSS in the MailManager module, caused by improper handling of user-controlled input in the _folder parameter. The payload is reflected and executed in an authenticated user session, using a double URL-encoded input. The available connected sources confi...
CVE-2025-70936
Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
PT-2026-32520
Name of the Vulnerable Software and Affected Versions: Vtiger CRM version 8.4.0 Description: A reflected cross-site scripting (XSS) issue exists in the MailManager module, where XSS is a type of attack that injects malicious scripts into a trusted website. Improper handling of user-controlled input i...
CVE-2025-70936
Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...
EUVD-2006-2821
Malware in sbrugna...
CVE-2024-42994
VTiger CRM = 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module...
CVE-2024-42994
VTiger CRM = 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module...
PT-2024-30247 · Vtiger · Vtiger Crm
Name of the Vulnerable Software and Affected Versions: VTiger CRM versions = 8.1.0 Description: The issue arises from improper sanitization of user input before it is used in a SQL statement, leading to a SQL Injection in the CompanyDetails operation of the MailManager module. Recommendations: Fo...
CVE-2024-42994
Summary: VTiger CRM
CVE-2024-42994
VTiger CRM = 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module...
CVE-2024-42994
VTiger CRM = 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module...
Design/Logic Flaw
Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug 1494281 - Postgres encoding security hole."...
CVE-2006-2824
Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug 1494281 - Postgres encoding security hole."...
CVE-2006-2824
CVE-2006-2824 affects Logicalware MailManager prior to 2.0.10. The issue stems from MailManager’s PostgreSQL interface not removing the 0xC8 0x27 sequence (0xC8 followed by a single-quote) in data sent to the server, enabling a remote attacker to modify data and potentially gain administrative ac...
CVE-2006-2824
Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug 1494281 - Postgres encoding security hole."...