Lucene search
+L

70 matches found

OSV
OSV
added 2021/12/17 8:0 p.m.26 views

GHSA-J85F-XW9X-FFWP yetiforcecrm is vulnerable to Cross-site Scripting

yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.4CVSS6.1AI score0.00764EPSS
Exploits1References4
Veracode
Veracode
added 2021/12/16 5:55 a.m.15 views

Denial Of Service (DoS)

yetiforce/yetiforce-crm is vulnerable to denial of service. The library does not properly validate negative numbers in the validate function in FieldValidator.js, allowing an attacker to crash the application by providing negative product amounts...

4.3CVSS5.7AI score0.0062EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2021/12/15 12:0 a.m.6 views

YetiForceCrm 输入验证错误漏洞

YetiForceCrm is an open source Crm system from the Polish company YetiForce. A processing logic error vulnerability exists in Yetiforcecrm that stems from Yetiforcecrm's susceptibility to business logic errors...

7.3CVSS6.3AI score0.0062EPSS
Exploits1References3
Veracode
Veracode
added 2021/12/13 10:21 a.m.21 views

Cross-Site Request Forgery (CSRF)

yetiforce/yetiforce-crm is vulnerable to cross-site request forgery. The vulnerability exists in PasswordModalFooter.tpl, allowing a malicious attacker to log out a user as if the authenticated user visits the attacker's website...

4.3CVSS4AI score0.00382EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2021/12/11 12:0 a.m.5 views

YetiForceCrm 跨站请求伪造漏洞

YetiForceCrm is an open source Crm system from the Polish company YetiForce. Yetiforcecrm suffers from a cross-site request forgery vulnerability, for which no detailed vulnerability details are currently available...

4.3CVSS5.4AI score0.00382EPSS
Exploits1References2
Huntr
Huntr
added 2021/12/10 6:38 p.m.21 views

Cross-site Scripting (XSS) - Reflected in yetiforcecompany/yetiforcecrm

Description Application is vulnerable to Reflected cross site scripting attack on create Invoice. Proof of Concept Step 1: Login into the application https://gitstable.yetiforce.com/index.php Step 2: Navigate to Quick Create - Cost Invoice Step 3: Click on Source and enter the XSS Playload in...

4.3CVSS0.1AI score0.00782EPSS
Exploits1
Packet Storm
Packet Storm
added 2016/06/22 12:0 a.m.27 views

YetiForce CRM Cross Site Scripting

Exploit Title: YetiForce CRM Accounts' select your prefered user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2016/06/21 12:0 a.m.21 views

YetiForce CRM 3.1 - Persistent Cross-Site Scripting

YetiForce CRM 3.1 - Persistent Cross-Site Scripting Exploit Title: YetiForce CRM Accounts' select your prefered user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2016/06/21 12:0 a.m.34 views

YetiForce CRM < 3.1 - Persistent Cross-Site Scripting

Exploit Title: YetiForce CRM Accounts' select your prefered user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/06/21 12:0 a.m.103 views

YetiForce CRM < 3.1 - Persistent Cross-Site Scripting

Exploit for php platform in category web applications Exploit Title: YetiForce CRM Accounts' select your prefered user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts' 0day.today 2018-03-28...

7.1AI score
Exploits0
Rows per page
Query Builder