Lucene search
K

4 matches found

securityvulns
securityvulns
added 2014/11/03 12:0 a.m.103 views

Multiple vulnerabilities in EspoCRM

Advisory ID: HTB23238 Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical details Vendor Notification: October 8, 2014 Vendor Patch: October 10, 2014 Public Disclosure: October...

10CVSS0.1AI score0.05026EPSS
Exploits5
CVE
CVE
added 2014/10/31 2:0 p.m.54 views

CVE-2014-7987

CVE-2014-7987 affects EspoCRM prior to 2.6.0 and is a reflected cross-site scripting vulnerability. The issue arises from unsanitized input in the GET parameter desc passed to /install/index.php (via the errors path), allowing remote attackers to inject arbitrary HTML/JS. Connected advisories con...

4.3CVSS5.7AI score0.02174EPSS
Exploits3References5Affected Software1
0day.today
0day.today
added 2014/10/30 12:0 a.m.84 views

EspoCRM 2.5.2 XSS / LFI / Access Control Vulnerabilities

EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities. Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical...

10CVSS6.3AI score0.05026EPSS
Exploits5
Packet Storm
Packet Storm
added 2014/10/29 12:0 a.m.61 views

EspoCRM 2.5.2 XSS / LFI / Access Control

Advisory ID: HTB23238 Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical details Vendor Notification: October 8, 2014 Vendor Patch: October 10, 2014 Public Disclosure: October...

10CVSS0.4AI score0.05026EPSS
Exploits5
Rows per page
Query Builder