CVE-2026-5370

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

EUVD-2026-18484

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

Cross-site Scripting (XSS)

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the composeMail function...

CVE-2026-5370

The vulnerability CVE-2026-5370 affects krayin laravel-crm up to 2.2 . The issue is in the Activities Module/Notes Module specifically the function composeMail in the file path shown, where manipulation leads to cross-site scripting . Remote exploitation is possible and the exploit is publicly av...

CVE-2026-5370

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

CVE-2026-5370 krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

Webkul Krayin CRM 代码注入漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Versions of Webkul Krayin CRM 2.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from an error in the composeMail function of the...

EUVD-2010-3887

Malware in sbrugna...

CVE-2009-3250

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in 1 .php in installations based on certain Apache HTTP Server configurations, 2...

CVE-2009-3250

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in 1 .php in installations based on certain Apache HTTP Server configurations, 2...

CVE-2002-1710

BasiliX Webmail 1.1.0 (or lower) contains an Arbitrary File Disclosure vulnerability in the attachment handling of Compose Mail. The PHP-based script accepts a list of attachment names from the client but does not verify that those attachments were actually uploaded, allowing an attacker to retri...