70 matches found
GHSA-J85F-XW9X-FFWP yetiforcecrm is vulnerable to Cross-site Scripting
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Denial Of Service (DoS)
yetiforce/yetiforce-crm is vulnerable to denial of service. The library does not properly validate negative numbers in the validate function in FieldValidator.js, allowing an attacker to crash the application by providing negative product amounts...
YetiForceCrm 输入验证错误漏洞
YetiForceCrm is an open source Crm system from the Polish company YetiForce. A processing logic error vulnerability exists in Yetiforcecrm that stems from Yetiforcecrm's susceptibility to business logic errors...
Cross-Site Request Forgery (CSRF)
yetiforce/yetiforce-crm is vulnerable to cross-site request forgery. The vulnerability exists in PasswordModalFooter.tpl, allowing a malicious attacker to log out a user as if the authenticated user visits the attacker's website...
YetiForceCrm 跨站请求伪造漏洞
YetiForceCrm is an open source Crm system from the Polish company YetiForce. Yetiforcecrm suffers from a cross-site request forgery vulnerability, for which no detailed vulnerability details are currently available...
Cross-site Scripting (XSS) - Reflected in yetiforcecompany/yetiforcecrm
Description Application is vulnerable to Reflected cross site scripting attack on create Invoice. Proof of Concept Step 1: Login into the application https://gitstable.yetiforce.com/index.php Step 2: Navigate to Quick Create - Cost Invoice Step 3: Click on Source and enter the XSS Playload in...
YetiForce CRM Cross Site Scripting
Exploit Title: YetiForce CRM Accounts' select your prefered user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...
YetiForce CRM 3.1 - Persistent Cross-Site Scripting
YetiForce CRM 3.1 - Persistent Cross-Site Scripting Exploit Title: YetiForce CRM Accounts' select your prefered user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...
YetiForce CRM < 3.1 - Persistent Cross-Site Scripting
Exploit Title: YetiForce CRM Accounts' select your prefered user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...
YetiForce CRM < 3.1 - Persistent Cross-Site Scripting
Exploit for php platform in category web applications Exploit Title: YetiForce CRM Accounts' select your prefered user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts' 0day.today 2018-03-28...