377 matches found

OSV · added 2024/03/06 10:52 a.m.

BIT-ESPOCRM-2022-38844

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system...

CVSS 8 · AI score 7.8 · EPSS 0.01138 · Exploits: 1 · References: 1

OSV · added 2024/03/06 10:52 a.m.

BIT-ESPOCRM-2022-38845

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted CSV file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...

CVSS 6.1 · AI score 6 · EPSS 0.00626 · Exploits: 1 · References: 1

OSV · added 2024/03/06 10:52 a.m.

BIT-ESPOCRM-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack...

CVSS 5.9 · AI score 5.6 · EPSS 0.00418 · Exploits: 1 · References: 1

OSV · added 2024/03/06 10:52 a.m.

BIT-ESPOCRM-2023-46736

EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to the /Attachment/fromImageUrl endpoint can specify URL to point to an internal host. Eve...

CVSS 6.5 · AI score 6.4 · EPSS 0.00358 · Exploits: 0 · References: 3

OSV · added 2024/03/06 10:51 a.m.

BIT-ESPOCRM-2023-5965

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...

CVSS 7.2 · AI score 8.2 · EPSS 0.01049 · Exploits: 0 · References: 1

Vulnrichment · added 2024/02/29 3:17 p.m.

CVE-2024-24818 EspoCRM weakness in "Forgot password"

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

CVSS 5.9 · AI score 6.7 · EPSS 0.00615 · Exploits: 1 · References: 2

Cvelist · added 2024/02/29 3:17 p.m.

CVE-2024-24818 EspoCRM weakness in "Forgot password"

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

CVSS 5.9 · AI score 5.8 · EPSS 0.00615 · Exploits: 1 · References: 2

OSV · added 2024/02/29 3:17 p.m.

CVE-2024-24818 EspoCRM weakness in "Forgot password"

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

CVSS 5.9 · AI score 6.7 · EPSS 0.00615 · Exploits: 1 · References: 4

CVE · added 2024/02/29 3:17 p.m.

CVE-2024-24818

CVE-2024-24818 affects EspoCRM. The vulnerability stems from an input/control on the Password Change page that allows an attacker to inject arbitrary IPs or domains, enabling redirection of victims to a malicious page. This could facilitate credential theft or related attacks. Public documentatio...

CVSS 5.9 · AI score 5.6 · EPSS 0.00615 · Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies · added 2024/02/29 12:00 a.m.

PT-2024-20584 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 8.1.2
Description: The issue allows an attacker to inject arbitrary IP or domain in the "Password Change" page, potentially redirecting the victim to a malicious page. This could lead to credential stealing or other...

CVSS 5.9 · AI score 6.3 · EPSS 0.00615 · Exploits: 1 · References: 7

NVD · added 2023/12/05 9:15 p.m.

CVE-2023-46736

EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to the /Attachment/fromImageUrl endpoint can specify URL to point to an internal host. Eve...

CVSS 6.5 · EPSS 0.00358 · Exploits: 0 · References: 3

Prion · added 2023/12/05 9:15 p.m.

Server side request forgery (SSRF)

EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to the /Attachment/fromImageUrl endpoint can specify URL to point to an internal host. Eve...

CVSS 4 · AI score 6.9 · EPSS 0.00358 · Exploits: 0 · References: 3 · Affected Software: 1

Cvelist · added 2023/12/05 8:55 p.m.

CVE-2023-46736 Server-Side Request Forgery in espocrm

EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to the /Attachment/fromImageUrl endpoint can specify URL to point to an internal host. Eve...

CVSS 5.3 · AI score 6.6 · EPSS 0.00358 · Exploits: 0 · References: 3

CVE · added 2023/12/05 8:55 p.m.

CVE-2023-46736

CVE-2023-46736 affects EspoCRM, with a Server-Side Request Forgery (SSRF) vulnerability in the image URL upload flow via the path "/Attachment/fromImageUrl". The flaw allows an attacker with access to that endpoint to specify an internal URL, bypass content-type checks via redirects, and potentia...

CVSS 6.5 · AI score 5.8 · EPSS 0.00358 · Exploits: 0 · References: 3 · Affected Software: 1

OSV · added 2023/12/05 8:55 p.m.

CVE-2023-46736 Server-Side Request Forgery in espocrm

EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to the /Attachment/fromImageUrl endpoint can specify URL to point to an internal host. Eve...

CVSS 5.3 · AI score 6.5 · EPSS 0.00358 · Exploits: 0 · References: 5

CNNVD · added 2023/12/05 12:00 a.m.

EspoCRM Code Issues Vulnerabilities

EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A code issue vulnerability exists in EspoCRM 8.0.2 and prior versions that stems from the presence of a Server Request Forgery SS...

CVSS 6.5 · AI score 6.4 · EPSS 0.00358 · Exploits: 0 · References: 3

ATTACKERKB · added 2023/11/30 2:15 p.m.

CVE-2023-5966

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution...

CVSS 7.2 · AI score 6 · EPSS 0.01049 · Exploits: 0 · References: 2

OSV · added 2023/11/30 2:15 p.m.

CVE-2023-5966

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution...

CVSS 7.2 · AI score 7.2 · Exploits: 0 · References: 1

OSV · added 2023/11/30 2:15 p.m.

CVE-2023-5965

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...

CVSS 7.2 · AI score 7.2 · Exploits: 0 · References: 1

ATTACKERKB · added 2023/11/30 2:15 p.m.

CVE-2023-5965

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...

CVSS 7.2 · AI score 6 · EPSS 0.01049 · Exploits: 0 · References: 2
