2 matches found
CVE-2026-33659 EspoCRM: SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...
Espo CRM Cross Site Scripting
Affected software: http://www.espocrm.com/demo/ Discovered by: Ankit Bharathan Website: ankitbharathan.blogspot.com Type of vulnerability: Stored xss Description: A web application that allows you to see, enter and evaluate all your company relationships regardless of the type. People, companies,...