7273 matches found
EUVD-2026-43592
SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...
CVE-2026-57715
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through = 3.1.7...
CVE-2026-57708
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...
CVE-2026-57421
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms crm-perks-forms allows Reflected XSS.This issue affects CRM Perks Forms: from n/a through = 1.1.7...
CVE-2026-57715
CVE-2026-57715 affects the WordPress Fluent CRM plugin (Fluent CRM) up to version
CVE-2026-57715 WordPress Fluent CRM plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through = 3.1.7...
CVE-2026-57421 WordPress CRM Perks Forms plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms crm-perks-forms allows Reflected XSS.This issue affects CRM Perks Forms: from n/a through = 1.1.7...
CVE-2026-57421
CRM Perks Forms WordPress plugin (versions
CRM Perks Forms <= 1.1.4 - SQL Injection
CRM Perks CRM Perks Forms affected versions 1.1.4 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2024-30498 info: name: CRM Perks Forms ...
Vtiger CRM v7.2.0 - Directory Listing
Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...
CRM Perks Forms < 1.1.1 - Cross Site Scripting
The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting id: CVE-2022-38467 info: name: CRM Perks Forms 1.1.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does...
CVE-2025-5017
The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
EUVD-2025-210456
The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2025-5017
Summary: The Catalyst Connect Zoho CRM Client Portal WordPress plugin (≤ 2.2.0) is vulnerable to time-based SQL Injection via the uid parameter. The root cause is insufficient escaping of user input and lack of proper query parameterization, enabling authenticated attackers with Administrator-lev...
CVE-2026-61460
Krayin CRM up to version 2.2.3 is affected by an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController. The root cause is missing record-level ownership validation in edit, update, and destroy methods, e...
CVE-2026-61460 Krayin CRM Insecure Direct Object Reference via Controllers
Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...
WordPress Fluent CRM plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Fluent CRM versions = 3.1.7...
CVE-2026-23698
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
CVE-2026-23697
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...