4 matches found
Multiple vulnerabilities in EspoCRM
Advisory ID: HTB23238 Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical details Vendor Notification: October 8, 2014 Vendor Patch: October 10, 2014 Public Disclosure: October...
CVE-2014-7987
CVE-2014-7987 affects EspoCRM prior to 2.6.0 and is a reflected cross-site scripting vulnerability. The issue arises from unsanitized input in the GET parameter desc passed to /install/index.php (via the errors path), allowing remote attackers to inject arbitrary HTML/JS. Connected advisories con...
EspoCRM 2.5.2 XSS / LFI / Access Control Vulnerabilities
EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities. Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical...
EspoCRM 2.5.2 XSS / LFI / Access Control
Advisory ID: HTB23238 Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical details Vendor Notification: October 8, 2014 Vendor Patch: October 10, 2014 Public Disclosure: October...