Lucene search
K

7280 matches found

Nuclei
Nuclei
added yesterday16 views

CRM Perks Forms <= 1.1.4 - SQL Injection

CRM Perks CRM Perks Forms affected versions 1.1.4 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2024-30498 info: name: CRM Perks Forms ...

10CVSS7.2AI score0.02267EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday60 views

CRM Perks Forms < 1.1.1 - Cross Site Scripting

The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting id: CVE-2022-38467 info: name: CRM Perks Forms 1.1.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does...

6.1CVSS6.4AI score0.0081EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday58 views

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5CVSS6.6AI score0.03613EPSS
Exploits1References2
NVD
NVD
added yesterday8 views

CVE-2026-44768

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS0.00165EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday9 views

CVE-2026-44768 Security misconfiguration in SAP CRM (WebClient UI)

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS0.00165EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-44768

Summary: CVE-2026-44768 affects the SAP CRM WebClient UI. The vulnerability arises from the absence of a Content Security Policy (CSP) configuration for certain restrictive directives, enabling an attacker to inject and execute malicious scripts in the application context. According to the source...

4.1CVSS6.2AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-43592

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS6.2AI score0.00165EPSS
Exploits0References2
NVD
NVD
added 2 days ago3 views

CVE-2026-57715

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through = 3.1.7...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57421

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms crm-perks-forms allows Reflected XSS.This issue affects CRM Perks Forms: from n/a through = 1.1.7...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57715 WordPress Fluent CRM plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through = 3.1.7...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-57715

CVE-2026-57715 affects the WordPress Fluent CRM plugin (Fluent CRM) up to version

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57421 WordPress CRM Perks Forms plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms crm-perks-forms allows Reflected XSS.This issue affects CRM Perks Forms: from n/a through = 1.1.7...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57421

CRM Perks Forms WordPress plugin (versions

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-57754

Name of the Vulnerable Software and Affected Versions WPManageNinja Fluent CRM versions prior to 3.1.8 Description An issue involving improper neutralization of input during web page generation allows for Reflected Cross-site Scripting XSS, a technique where malicious scripts are injected into a...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2025-5017

The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

4.9CVSS0.00258EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2025-210456

The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

4.9CVSS6.1AI score0.00258EPSS
Exploits0References3
CVE
CVE
added 4 days ago17 views

CVE-2025-5017

Summary: The Catalyst Connect Zoho CRM Client Portal WordPress plugin (≤ 2.2.0) is vulnerable to time-based SQL Injection via the uid parameter. The root cause is insufficient escaping of user input and lack of proper query parameterization, enabling authenticated attackers with Administrator-lev...

4.9CVSS6.1AI score0.00258EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago40 views

CVE-2025-5017 Catalyst Connect Zoho CRM Client Portal <= 2.2.0 - Authenticated (Administrator+) SQL Injection via uid Parameter

The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

4.9CVSS0.00258EPSS
Exploits0References3
CVE
CVE
added 5 days ago6 views

CVE-2026-61460

Krayin CRM up to version 2.2.3 is affected by an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController. The root cause is missing record-level ownership validation in edit, update, and destroy methods, e...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References3
Rows per page
Query Builder