638 matches found

RedhatCVE
added 2025/05/21 11:41 p.m. | 5 views

CVE-2007-3598

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that...

CVSS 5.5 | AI score 6.9 | EPSS 0.00966
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 11:5 p.m. | 9 views

CVE-2008-3458

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory...

CVSS 5 | AI score 6.6 | EPSS 0.02799
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 9:47 p.m. | 7 views

CVE-2009-3251

include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view...

CVSS 4 | AI score 6.5 | EPSS 0.01028
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 9:28 p.m. | 8 views

CVE-2009-3257

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile...

CVSS 3.6 | AI score 6.6 | EPSS 0.00864
Exploits: 1 | References: 1

NVD
added 2025/05/21 9:16 p.m. | 11 views

CVE-2025-45753

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...

CVSS 7.2 | EPSS 0.00383
Exploits: 0 | References: 1

OSV
added 2025/05/21 9:16 p.m. | 3 views

CVE-2025-45753

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...

CVSS 7.2 | AI score 6 | EPSS 0.00383
Exploits: 0 | References: 1

OSV
added 2025/05/21 8:15 p.m. | 5 views

CVE-2025-45755

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...

CVSS 6.1 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 2

NVD
added 2025/05/21 8:15 p.m. | 13 views

CVE-2025-45755

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...

CVSS 6.1 | EPSS 0.00252
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/21 7:58 p.m. | 9 views

CVE-2007-3616

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module...

CVSS 6.5 | AI score 6.7 | EPSS 0.00967
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 7:58 p.m. | 11 views

CVE-2007-3602

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin...

CVSS 5.5 | AI score 6.7 | EPSS 0.0149
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/21 12:0 a.m. | 5 views

PT-2025-22425

Name of the Vulnerable Software and Affected Versions: Vtiger CRM Open Source Edition version 8.3.0. Description: A Stored Cross-Site Scripting (XSS) issue exists, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service...

CVSS 6.1 | AI score 5.2 | EPSS 0.00252
Exploits: 0 | References: 7

Vulnrichment
added 2025/05/21 12:0 a.m. | 8 views

CVE-2025-45753

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...

AI score 7.3 | EPSS 0.00383
Exploits: 0 | References: 1

CVE
added 2025/05/21 12:0 a.m. | 58 views

CVE-2025-45755

Vulnerable software: Vtiger CRM Open Source Edition v8.3.0. The issue is a Stored Cross-Site Scripting (XSS) vulnerability exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload mapped to the Service Name field; when uploaded, the applica...

CVSS 6.1 | AI score 5.2 | EPSS 0.00252
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2025/05/21 12:0 a.m. | 3 views

Vtiger CRM Open Source Edition security vulnerability

Vtiger CRM Open Source Edition is a customer relationship management software from Vtiger, Inc. A security vulnerability exists in Vtiger CRM Open Source Edition version v8.3.0, which stems from the Services Import feature not properly cleaning up user input and could lead to a stored cross-site...

CVSS 6.1 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 2

CNNVD
added 2025/05/21 12:0 a.m. | 2 views

Vtiger CRM Open Source Edition security vulnerability

Vtiger CRM Open Source Edition is a customer relationship management software from Vtiger, Inc. A security vulnerability exists in Vtiger CRM Open Source Edition version v8.3.0, which originates from the ZIP import feature and could lead to the execution of arbitrary PHP code...

CVSS 7.2 | AI score 6.9 | EPSS 0.00383
Exploits: 0 | References: 1

Cvelist
added 2025/05/21 12:0 a.m. | 12 views

CVE-2025-45753

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...

EPSS 0.00383
Exploits: 0 | References: 1

CVE
added 2025/05/21 12:0 a.m. | 68 views

CVE-2025-45753

Vulnerability CVE-2025-45753 affects Vtiger CRM Open Source Edition v8.3.0. An attacker with admin privileges can execute arbitrary PHP code by abusing the ZIP import functionality in the Module Import feature. The entry indicates high impact (C/H/I/A) with a CVSSv3.1 base score of 7.2. Connected...

CVSS 7.2 | AI score 7.4 | EPSS 0.00383
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/05/21 12:0 a.m. | 10 views

CVE-2025-45755

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...

EPSS 0.00252
Exploits: 0 | References: 2

Vulnrichment
added 2025/05/21 12:0 a.m. | 5 views

CVE-2025-45755

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...

AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 2

Positive Technologies
added 2025/05/21 12:0 a.m. | 9 views

PT-2025-22435

Name of the Vulnerable Software and Affected Versions: Vtiger CRM Open Source Edition version 8.3.0. Description: A vulnerability in the software allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...

CVSS 7.2 | AI score 7.1 | EPSS 0.00383
Exploits: 0 | References: 6