8 matches found
CVE-2024-28434
The CRM platform Twenty is vulnerable to stored cross-site scripting via file upload in version 0.3.0. A crafted SVG file can trigger the execution of the JavaScript code...
CVE-2024-28435
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload...
CVE-2024-28435
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload...
CVE-2024-28435
Twenty CRM platform version 0.3.0 is affected by a server-side request forgery (SSRF) via the file upload feature. The root cause is SSRF in the file upload handling, which can allow an attacker to trigger requests to internal resources or make unauthorized requests. PT-Security notes remediation...
CVE-2024-28434
The CRM platform Twenty is vulnerable to stored cross-site scripting via file upload in version 0.3.0. A crafted SVG file can trigger the execution of the JavaScript code...
CVE-2023-3562
A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross-site scripting. The attack can be initiated remotely. The identifier of this...
GZScripts Cross-Site Scripting Vulnerability
GZScripts is a script from GZScripts, Inc. A cross-site scripting vulnerability exists in GZ Scripts PHP CRM Platform version 1.8, which stems from incorrect manipulation of the parameter action leading to cross-site scripting...
CVE-2023-3562
GZ Scripts PHP CRM Platform 1.8 is affected by CVE-2023-3562. The vulnerability arises from improper handling of the action parameter in /index.php, enabling cross-site scripting. Reports consistently cite remote feasibility via a network vector, with the root cause described as manipulation of a...