377 matches found

RedhatCVE
added 2025/05/22 8:36 a.m. · 8 views

CVE-2019-14351

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters...

CVSS 8.8 · AI score 6.8 · EPSS 0.01263
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 8:08 a.m. · 8 views

CVE-2019-14548

An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside...

CVSS 5.4 · AI score 5.8 · EPSS 0.0108
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 8:08 a.m. · 6 views

CVE-2019-14549

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible...

CVSS 5.4 · AI score 5.8 · EPSS 0.0108
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 8:07 a.m. · 7 views

CVE-2019-14329

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

CVSS 6.1 · AI score 5.9 · EPSS 0.01327
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 7:46 a.m. · 7 views

CVE-2019-14330

An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code...

CVSS 6.1 · AI score 5.9 · EPSS 0.01327
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 7:37 a.m. · 8 views

CVE-2019-13643

Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...

CVSS 6.1 · AI score 6.2 · EPSS 0.0114
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 5:58 a.m. · 11 views

CVE-2019-14331

An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code...

CVSS 6.1 · AI score 5.9 · EPSS 0.01327
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 4:30 a.m. · 9 views

CVE-2019-14349

EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user...

CVSS 6.1 · AI score 5.9 · EPSS 0.00865
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 4:30 a.m. · 10 views

CVE-2019-14350

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation...

CVSS 6.1 · AI score 5.9 · EPSS 0.00865
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 12:37 a.m. · 7 views

CVE-2014-8330

Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account...

CVSS 3.5 · AI score 5.5 · EPSS 0.00802
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/14 11:09 a.m. · 14 views

CVE-2025-32390

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

CVSS 8.5 · AI score 6.8 · EPSS 0.00314
Exploits: 1 · References: 1
NVD
added 2025/05/12 11:15 a.m. · 27 views

CVE-2025-32390

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

CVSS 8.5 · EPSS 0.00314
Exploits: 1 · References: 2
Vulnrichment
added 2025/05/12 10:30 a.m. · 13 views

CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

CVSS 8.4 · AI score 6.5 · EPSS 0.00314
Exploits: 1 · References: 2
Cvelist
added 2025/05/12 10:30 a.m. · 27 views

CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

CVSS 8.4 · EPSS 0.00314
Exploits: 1 · References: 2
CVE
added 2025/05/12 10:30 a.m. · 62 views

CVE-2025-32390

EspoCRM prior to version 9.0.8 is affected by HTML Injection in Knowledge Base articles. The issue arises from overly permissive HTML editing on KB articles, allowing an authenticated user with read KB privilege to inject content that can deface a page and capture submitted credentials in plainte...

CVSS 8.5 · AI score 6.5 · EPSS 0.00314
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2025/05/12 10:30 a.m. · 8 views

CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

CVSS 8.4 · AI score 6.7 · EPSS 0.00314
Exploits: 1 · References: 4
CNNVD
added 2025/05/12 12:00 a.m. · 3 views

EspoCRM Injection Vulnerability

EspoCRM is an open source web-based customer relationship management (CRM) system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. An injection vulnerability exists in EspoCRM versions prior to 9.0.8 that stems from excessive HTML...

CVSS 8.5 · AI score 6.8 · EPSS 0.00314
Exploits: 1 · References: 2
Positive Technologies
added 2025/05/12 12:00 a.m. · 8 views

PT-2025-20690 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.8. Description: The issue allows for HTML Injection in Knowledge Base (KB) articles, leading to complete page defacement that can imitate the login page. Authenticated users with the read knowledge article privilege...

CVSS 8.5 · AI score 6.3 · EPSS 0.00314
Exploits: 1 · References: 9
RedhatCVE
added 2025/04/26 5:49 a.m. · 15 views

CVE-2025-32789

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...

CVSS 3.7 · AI score 6.5 · EPSS 0.00345
Exploits: 1 · References: 1
RedhatCVE
added 2025/04/18 12:12 a.m. · 15 views

CVE-2025-32385

EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, the Iframe dashlet allows a user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...

CVSS 6.5 · AI score 6.9 · EPSS 0.00248
Exploits: 0 · References: 1