70 matches found
Cross site scripting in yetiforce/yetiforce-crm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-2890 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
GHSA-RJVC-MF7R-CH7R Cross site scripting in yetiforce/yetiforce-crm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
PT-2022-4428 · Unknown · Yetiforcecrm
Name of the Vulnerable Software and Affected Versions: yetiforcecrm versions prior to 6.4.0 Description: The issue is related to a Cross-site Scripting XSS - Stored vulnerability in the YetiFroce CRM system, which is caused by the lack of protection measures for the web page structure. This allow...
PT-2022-4372 · Yetiforce · Yetiforcecrm
Name of the Vulnerable Software and Affected Versions: yetiforcecrm versions prior to 6.4.0 Description: The issue is related to a Cross-site Scripting XSS - Stored vulnerability in the YetiForce CRM system, which is caused by the lack of protection measures for the web page structure. This allow...
CVE-2022-2885
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-2885 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
Cross-site Scripting (XSS)
yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation before uploading files in Fields.php, allowing an attacker to upload malicious files...
GHSA-PQR6-3J58-9W58 Unrestricted Upload of File with Dangerous Type in yetiforce-crm
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...
Unrestricted Upload of File with Dangerous Type in yetiforce-crm
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...
CVE-2022-1411
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...
Cross-Site Request Forgery in yetiforce
Versions of yetiforce 6.3.0 and prior are subject to privilege escalation via a cross site request forgery bug. This allows an attacker to create a new admin account even with SameSite: Strict enabled. This vulnerability can be exploited by any user on the system including guest users...
GHSA-7G7R-GR46-Q4P5 Cross-Site Request Forgery in yetiforce
Versions of yetiforce 6.3.0 and prior are subject to privilege escalation via a cross site request forgery bug. This allows an attacker to create a new admin account even with SameSite: Strict enabled. This vulnerability can be exploited by any user on the system including guest users...
Cross-Site Request Forgery (CSRF)
yetiforce/yetiforce-crm is vulnerable to cross-site request forgery. The vulnerability exists due to insufficient permissions checks which allows a malicious attacker to create a new admin account and cause a csrf attack...
CVE-2022-0269
Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...
CVE-2022-0269
Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...
CVE-2022-0269
CVE-2022-0269 describes a CSRF vulnerability in yetiforce/yetiforce-crm prior to version 6.3.0. The issue affects the Web application and, per connected sources, could allow an attacker to perform unauthorized actions, including privilege escalation to create a new admin account in some scenarios...
CVE-2022-0269 Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm
Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...
Business Logic Errors
yetiforce/yetiforce-crm is vulnerable to business logic errors. The vulnerability exists due to an insufficient validation for weight fields...