Lucene search
K

70 matches found

Github Security Blog
Github Security Blog
added 2022/08/23 12:0 a.m.24 views

Cross site scripting in yetiforce/yetiforce-crm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

7CVSS0.9AI score0.00429EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/08/22 1:55 p.m.22 views

CVE-2022-2890 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

9CVSS7.9AI score0.00725EPSS
Exploits1References4
OSV
OSV
added 2022/08/22 12:0 a.m.33 views

GHSA-RJVC-MF7R-CH7R Cross site scripting in yetiforce/yetiforce-crm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

4.8CVSS4.8AI score0.00409EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.3 views

PT-2022-4428 · Unknown · Yetiforcecrm

Name of the Vulnerable Software and Affected Versions: yetiforcecrm versions prior to 6.4.0 Description: The issue is related to a Cross-site Scripting XSS - Stored vulnerability in the YetiFroce CRM system, which is caused by the lack of protection measures for the web page structure. This allow...

10CVSS6.5AI score0.00725EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.4 views

PT-2022-4372 · Yetiforce · Yetiforcecrm

Name of the Vulnerable Software and Affected Versions: yetiforcecrm versions prior to 6.4.0 Description: The issue is related to a Cross-site Scripting XSS - Stored vulnerability in the YetiForce CRM system, which is caused by the lack of protection measures for the web page structure. This allow...

7CVSS5.6AI score0.00429EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2022/08/21 8:15 a.m.5 views

CVE-2022-2885

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

6.7CVSS5.9AI score0.00409EPSS
Exploits1References3
OSV
OSV
added 2022/08/21 8:5 a.m.26 views

CVE-2022-2885 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

6.7CVSS6.3AI score0.00409EPSS
Exploits1References4
Veracode
Veracode
added 2022/05/06 6:23 a.m.23 views

Cross-site Scripting (XSS)

yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation before uploading files in Fields.php, allowing an attacker to upload malicious files...

6.1CVSS2.3AI score0.00728EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/06 12:0 a.m.25 views

GHSA-PQR6-3J58-9W58 Unrestricted Upload of File with Dangerous Type in yetiforce-crm

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...

6.1CVSS6.2AI score0.00728EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/06 12:0 a.m.28 views

Unrestricted Upload of File with Dangerous Type in yetiforce-crm

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...

9.1CVSS2.9AI score0.00728EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/05 11:15 a.m.5 views

CVE-2022-1411

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...

9.1CVSS7AI score0.00728EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/01/27 4:21 p.m.33 views

Cross-Site Request Forgery in yetiforce

Versions of yetiforce 6.3.0 and prior are subject to privilege escalation via a cross site request forgery bug. This allows an attacker to create a new admin account even with SameSite: Strict enabled. This vulnerability can be exploited by any user on the system including guest users...

8CVSS5.3AI score0.00531EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/01/27 4:21 p.m.18 views

GHSA-7G7R-GR46-Q4P5 Cross-Site Request Forgery in yetiforce

Versions of yetiforce 6.3.0 and prior are subject to privilege escalation via a cross site request forgery bug. This allows an attacker to create a new admin account even with SameSite: Strict enabled. This vulnerability can be exploited by any user on the system including guest users...

8CVSS7.8AI score0.00531EPSS
Exploits1References4
Veracode
Veracode
added 2022/01/25 5:41 a.m.17 views

Cross-Site Request Forgery (CSRF)

yetiforce/yetiforce-crm is vulnerable to cross-site request forgery. The vulnerability exists due to insufficient permissions checks which allows a malicious attacker to create a new admin account and cause a csrf attack...

8CVSS4AI score0.00531EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/24 12:15 p.m.5 views

CVE-2022-0269

Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...

8CVSS7.5AI score0.00531EPSS
Exploits1References3
NVD
NVD
added 2022/01/24 12:15 p.m.37 views

CVE-2022-0269

Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...

8CVSS0.00531EPSS
Exploits1References2
Prion
Prion
added 2022/01/24 12:15 p.m.14 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...

6CVSS7.8AI score0.00531EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/01/24 11:30 a.m.78 views

CVE-2022-0269

CVE-2022-0269 describes a CSRF vulnerability in yetiforce/yetiforce-crm prior to version 6.3.0. The issue affects the Web application and, per connected sources, could allow an attacker to perform unauthorized actions, including privilege escalation to create a new admin account in some scenarios...

8CVSS7.8AI score0.00531EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/01/24 11:30 a.m.24 views

CVE-2022-0269 Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm

Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...

8CVSS7.8AI score0.00531EPSS
Exploits1References4
Veracode
Veracode
added 2021/12/24 9:4 p.m.20 views

Business Logic Errors

yetiforce/yetiforce-crm is vulnerable to business logic errors. The vulnerability exists due to an insufficient validation for weight fields...

4.3CVSS3AI score0.00708EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder