8 matches found

RedhatCVE
added 2025/05/23 10:44 a.m. · 6 views

CVE-2024-48120

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...

CVSS 6.5 · AI score 5.7 · EPSS 0.02555
Exploits 3 · References 1

OSV
added 2024/10/14 2:15 p.m. · 0 views

CVE-2024-48120

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...

CVSS 5.4 · AI score 6.1 · EPSS 0.02555
Exploits 3 · References 1

NVD
added 2024/10/14 2:15 p.m. · 16 views

CVE-2024-48120

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...

CVSS 6.5 · EPSS 0.02555
Exploits 3 · References 1

CVE
added 2024/10/14 12:0 a.m. · 47 views

CVE-2024-48120

X2CRM v8.5 is affected by a stored XSS in the Opportunities module. The vulnerability allows an authenticated attacker to inject JavaScript via the Name field when creating a list, with the payload stored and later triggered. Evidence consistently references a stored XSS path in the Opportunities...

CVSS 6.5 · AI score 5.9 · EPSS 0.02555
Exploits 3 · References 1 · Affected Software 1

Huntr
added 2023/10/03 11:38 a.m. · 31 views

SQL Injection in opportunities module

Description: During the save of the opportunity the duplicateparentid is not properly validated and cleaned, which allows for injecting SQL. Proof of Concept: Add SQL injection statement to opportunities duplicateparentid on save request...

CVSS 6.4 · AI score 7.3 · EPSS 0.15281
Exploits 2

CNVD
added 2020/11/19 12:0 a.m. · 2 views

SuiteCRM CSV Injection Vulnerability

SuiteCRM is a free open source customer relationship management application. A CSV injection vulnerability exists in SuiteCRM 7.11.13 and earlier versions. The vulnerability can be exploited to conduct CSV injection attacks via the registration field in the Accounts, Contacts, Opportunities, and...

CVSS 7.8 · AI score 7.3 · EPSS 0.00273
Exploits 0 · References 1

CNNVD
added 2020/11/18 12:0 a.m. · 1 views

SuiteCRM Security Vulnerability

SuiteCRM is a free open source customer relationship management application. A CSV injection vulnerability exists in SuiteCRM 7.11.13 and earlier versions. The vulnerability can be exploited to conduct CSV injection attacks via the registration field in the Accounts, Contacts, Opportunities, and...

CVSS 7.8 · AI score 7.1 · EPSS 0.00273
Exploits 0 · References 2

Positive Technologies
added 2020/11/18 12:0 a.m. · 3 views

PT-2020-14342 · Salesagility · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.14
Description: The issue allows for CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. This occurs due to mishandling of these fields during a Download Import Fi...

CVSS 7.8 · AI score 7.7 · EPSS 0.00273
Exploits 0 · References 10