377 matches found

Vulnrichment
added 2025/08/05 12:17 a.m. · 4 views

CVE-2025-52892 EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes, e.g. https://domain//Admin, and the webserver does not strip the double slash, it can cause ...

CVSS 4.5 · AI score 6.9 · EPSS 0.00238
Exploits 0 · References 2

Cvelist
added 2025/08/05 12:17 a.m. · 23 views

CVE-2025-52892 EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes, e.g. https://domain//Admin, and the webserver does not strip the double slash, it can cause ...

CVSS 4.5 · EPSS 0.00238
Exploits 0 · References 2

OSV
added 2025/08/05 12:17 a.m. · 5 views

CVE-2025-52892 EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes, e.g. https://domain//Admin, and the webserver does not strip the double slash, it can cause ...

CVSS 4.5 · AI score 6.7 · EPSS 0.00238
Exploits 0 · References 4

CNNVD
added 2025/08/05 12:00 a.m. · 3 views

EspoCRM environmental issue vulnerability

EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. An environmental issue vulnerability exists in EspoCRM 9.1.6 and prior versions, which stems from a doub...

CVSS 6.5 · AI score 6.7 · EPSS 0.00238
Exploits 0 · References 3

Positive Technologies
added 2025/08/05 12:00 a.m. · 12 views

PT-2025-31880 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions 9.1.6 and below Description: EspoCRM is a web application featuring a single-page application frontend and a PHP-based REST API backend. If a user accesses EspoCRM in a browser with double slashes e.g., https://domain//Admin...

CVSS 4.5 · AI score 6.5 · EPSS 0.00238
Exploits 0 · References 8

RedhatCVE
added 2025/07/23 6:24 p.m. · 6 views

CVE-2025-52575

EspoCRM is an Open Source CRM Customer Relationship Management software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard...

CVSS 6.5 · AI score 6.7 · EPSS 0.00705
Exploits 1 · References 1

NVD
added 2025/07/21 6:15 p.m. · 3 views

CVE-2025-52575

EspoCRM is an Open Source CRM Customer Relationship Management software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard...

CVSS 6.5 · EPSS 0.00705
Exploits 1 · References 2

CVE
added 2025/07/21 5:48 p.m. · 27 views

CVE-2025-52575

CVE-2025-52575 maps to EspoCRM 9.1.6 and earlier, which are vulnerable to blind LDAP injection when LDAP authentication is enabled. An unauthenticated remote attacker can manipulate LDAP queries by injecting crafted inputs (e.g., wildcard characters) to bypass authentication, enumerate usernames,...

CVSS 6.5 · AI score 7.5 · EPSS 0.00705
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2025/07/21 5:48 p.m. · 3 views

CVE-2025-52575 EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements

EspoCRM is an Open Source CRM Customer Relationship Management software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard...

CVSS 6.5 · AI score 7.5 · EPSS 0.00705
Exploits 1 · References 2

Cvelist
added 2025/07/21 5:48 p.m. · 8 views

CVE-2025-52575 EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements

EspoCRM is an Open Source CRM Customer Relationship Management software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard...

CVSS 6.5 · EPSS 0.00705
Exploits 1 · References 2

OSV
added 2025/07/21 5:48 p.m. · 4 views

CVE-2025-52575 EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements

EspoCRM is an Open Source CRM Customer Relationship Management software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard...

CVSS 6.5 · AI score 7.2 · EPSS 0.00705
Exploits 1 · References 4

CNNVD
added 2025/07/21 12:00 a.m. · 2 views

EspoCRM injection vulnerability

EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. An injection vulnerability exists in EspoCRM 9.1.6 and earlier versions, which stems from insufficient...

CVSS 6.5 · AI score 7 · EPSS 0.00705
Exploits 1 · References 2

Positive Technologies
added 2025/07/21 12:00 a.m. · 3 views

PT-2025-30320 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions 9.1.6 and earlier Description: EspoCRM is an Open Source CRM Customer Relationship Management software. Versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote,...

CVSS 6.5 · AI score 6.7 · EPSS 0.00705
Exploits 1 · References 7

RedhatCVE
added 2025/05/23 9:38 a.m. · 11 views

CVE-2024-24818

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject an arbitrary IP or domain into the "Password Change" page and redirect the victim to a malicious page, which could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

CVSS 5.9 · AI score 6.7 · EPSS 0.00615
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 2:08 a.m. · 7 views

CVE-2023-46736

EspoCRM is an Open Source CRM Customer Relationship Management software. In affected versions there is a Server-Side Request Forgery (SSRF) vulnerability via the upload-image-from-URL API. Users who have access to the /Attachment/fromImageUrl endpoint can specify a URL that points to an internal host. Eve...

CVSS 6.5 · AI score 6.7 · EPSS 0.00358
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:20 p.m. · 5 views

CVE-2022-38843

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload a malicious file with any extension to the server. An attacker may execute these malicious files to run unintended code on the server and compromise it...

CVSS 8.8 · AI score 8.8 · EPSS 0.01121
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 11:15 p.m. · 5 views

CVE-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag, allowing the browser to send plain-text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using a MITM attack...

CVSS 5.9 · AI score 6 · EPSS 0.00418
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 10:32 a.m. · 6 views

CVE-2019-14550

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus...

CVSS 5.4 · AI score 5.8 · EPSS 0.0108
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 10:32 a.m. · 10 views

CVE-2019-14547

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an attachment to the admin with malicious JavaScript in the filename. This JavaScript executes when an admin selects the particular file from the list of all attachments. The attacker could inject the...

CVSS 5.4 · AI score 5.8 · EPSS 0.0108
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 10:31 a.m. · 9 views

CVE-2019-14546

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, whi...

CVSS 5.4 · AI score 5.8 · EPSS 0.01089
Exploits 1 · References 1