377 matches found
CVE-2025-32789
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789
EspoCRM (open-source CRM) prior to version 9.0.7 is affected by a vulnerability in the user password hashing disclosure feature. The issue allows an attacker to infer other users’ password hashes by sorting the user list by the password hash, potentially enabling password changes if the attacker ...
CVE-2025-32385
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...
EspoCRM 安全漏洞
EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM versions prior to 9.0.7 that stems from improper password has...
PT-2025-16908 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.7 Description: The issue allows an attacker to make assumptions about the hash values of other users' passwords based on the sorted list of users. If an attacker knows the hash value of their password, they can...
CVE-2025-32385 EspoCRM allows unrestricted Embedding in Iframe dashlet
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...
CVE-2025-32385
EspoCRM before version 9.0.5 is affected by a vulnerability in the Iframe dashlet where the iframe lacks a sandbox attribute, allowing the remote page to open popups outside the iframe and potentially trick users via phishing. The iframe URL is user-supplied, and the remote page can also send mes...
CVE-2025-32385 EspoCRM allows unrestricted Embedding in Iframe dashlet
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...
CVE-2025-32385 EspoCRM allows unrestricted Embedding in Iframe dashlet
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...
PT-2025-16546 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.5 Description: The issue concerns the Iframe dashlet in EspoCRM, which allows users to display iframes with arbitrary URLs. Since the sandbox attribute is not included in the iframe, a remote page can open popups...
EspoCRM 安全漏洞
EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM versions prior to 9.0.5 that stems from a lack of sandboxing...
BIT-ESPOCRM-2024-24818
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...
CVE-2024-24818
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...
EspoCRM 安全漏洞
EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM 8.1.1 and prior versions, which originates from a vulnerability that allows an attacke...
Default credentials
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...
BIT-ESPOCRM-2021-3539
EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...
BIT-ESPOCRM-2022-38843
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server...