377 matches found

NVD
added 2025/04/16 10:15 p.m. · 15 views

CVE-2025-32789

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...

CVSS 3.7 · EPSS 0.00345
Exploits: 1 · References: 3
Cvelist
added 2025/04/16 9:45 p.m. · 36 views

CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...

CVSS 3.1 · EPSS 0.00345
Exploits: 1 · References: 3
Vulnrichment
added 2025/04/16 9:45 p.m. · 14 views

CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...

CVSS 3.1 · AI score 3.7 · EPSS 0.00345
Exploits: 1 · References: 3
OSV
added 2025/04/16 9:45 p.m. · 16 views

CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...

CVSS 3.1 · AI score 6.7 · EPSS 0.00345
Exploits: 1 · References: 5
CVE
added 2025/04/16 9:45 p.m. · 81 views

CVE-2025-32789

EspoCRM (open-source CRM) prior to version 9.0.7 is affected by a vulnerability in the user password hashing disclosure feature. The issue allows an attacker to infer other users’ password hashes by sorting the user list by the password hash, potentially enabling password changes if the attacker ...

CVSS 3.7 · AI score 3.7 · EPSS 0.00345
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2025/04/16 12:15 a.m. · 17 views

CVE-2025-32385

EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, the Iframe dashlet allows users to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...

CVSS 6.5 · EPSS 0.00248
Exploits: 0 · References: 1
CNNVD
added 2025/04/16 12:00 a.m. · 2 views

EspoCRM security vulnerability

EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM versions prior to 9.0.7 that stems from improper password has...

CVSS 3.7 · AI score 6.6 · EPSS 0.00345
Exploits: 1 · References: 3
Positive Technologies
added 2025/04/16 12:00 a.m. · 4 views

PT-2025-16908 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.7 Description: The issue allows an attacker to make assumptions about the hash values of other users' passwords based on the sorted list of users. If an attacker knows the hash value of their password, they can...

CVSS 3.7 · AI score 6.5 · EPSS 0.00345
Exploits: 1 · References: 8
Vulnrichment
added 2025/04/15 11:23 p.m. · 8 views

CVE-2025-32385 EspoCRM allows unrestricted Embedding in Iframe dashlet

EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, the Iframe dashlet allows users to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...

CVSS 5.3 · AI score 6.9 · EPSS 0.00248
Exploits: 0 · References: 1
CVE
added 2025/04/15 11:23 p.m. · 72 views

CVE-2025-32385

EspoCRM before version 9.0.5 is affected by a vulnerability in the Iframe dashlet where the iframe lacks a sandbox attribute, allowing the remote page to open popups outside the iframe and potentially trick users via phishing. The iframe URL is user-supplied, and the remote page can also send mes...

CVSS 6.5 · AI score 5.3 · EPSS 0.00248
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/04/15 11:23 p.m. · 16 views

CVE-2025-32385 EspoCRM allows unrestricted Embedding in Iframe dashlet

EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, the Iframe dashlet allows users to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...

CVSS 5.3 · EPSS 0.00248
Exploits: 0 · References: 1
OSV
added 2025/04/15 11:23 p.m. · 6 views

CVE-2025-32385 EspoCRM allows unrestricted Embedding in Iframe dashlet

EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, the Iframe dashlet allows users to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...

CVSS 5.3 · AI score 6.9 · EPSS 0.00248
Exploits: 0 · References: 3
Positive Technologies
added 2025/04/15 12:00 a.m. · 10 views

PT-2025-16546 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.5 Description: The issue concerns the Iframe dashlet in EspoCRM, which allows users to display iframes with arbitrary URLs. Since the sandbox attribute is not included in the iframe, a remote page can open popups...

CVSS 6.5 · AI score 7.2 · EPSS 0.00248
Exploits: 0 · References: 7
CNNVD
added 2025/04/15 12:00 a.m. · 3 views

EspoCRM security vulnerability

EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM versions prior to 9.0.5 that stems from a lack of sandboxing...

CVSS 6.5 · AI score 6.4 · EPSS 0.00248
Exploits: 0 · References: 2
OSV
added 2024/03/31 6:17 p.m. · 20 views

BIT-ESPOCRM-2024-24818

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject an arbitrary IP or domain in the "Password Change" page and redirect the victim to a malicious page, which could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

CVSS 5.9 · AI score 5.6 · EPSS 0.00615
Exploits: 1 · References: 2
NVD
added 2024/03/21 2:52 a.m. · 13 views

CVE-2024-24818

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject an arbitrary IP or domain in the "Password Change" page and redirect the victim to a malicious page, which could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

CVSS 5.9 · AI score 5.7 · EPSS 0.00615
Exploits: 1 · References: 2
CNNVD
added 2024/03/21 12:00 a.m. · 6 views

EspoCRM security vulnerability

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM 8.1.1 and prior versions, which originates from a vulnerability that allows an attacke...

CVSS 5.9 · AI score 6.6 · EPSS 0.00615
Exploits: 1 · References: 3
Prion
added 2024/03/14 10:51 p.m. · 40 views

Default credentials

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject an arbitrary IP or domain in the "Password Change" page and redirect the victim to a malicious page, which could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

AI score 7.3 · EPSS 0.00615
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2024/03/06 10:52 a.m. · 20 views

BIT-ESPOCRM-2021-3539

EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the processing of user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...

CVSS 6.3 · AI score 5.8 · EPSS 0.00543
Exploits: 0 · References: 1
OSV
added 2024/03/06 10:52 a.m. · 15 views

BIT-ESPOCRM-2022-38843

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload a malicious file with any extension to the server. An attacker may execute these malicious files to run unintended code on the server and compromise it...

CVSS 8.8 · AI score 8.9 · EPSS 0.01121
Exploits: 1 · References: 1