PT-2022-24595 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.1.8 Description: The issue allows remote users to run malicious JavaScript in a victim's browser via sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the...
PT-2022-24594 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.1.8 Description: The issue allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. An admin user exporting contacts in a CSV file may end up executi...
EspoCRM Cross-Site Scripting Vulnerability
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM version 7.1.8, which stems from an import feature that contains cross-site scripting...
CVE-2021-3539
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...
Cross site scripting
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...
CVE-2021-3539
CVE-2021-3539 affects EspoCRM 6.1.6 and earlier, with a persistent (type II) cross-site scripting (XSS) vulnerability in handling user-supplied avatar images. The issue is fixed in version 6.1.7. The connected documents corroborate the vulnerability and the fix; no exploit details are provided. R...
CVE-2021-3539 EspoCRM Avatar Persistent XSS
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...
PT-2021-20904 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions 6.1.6 and prior Description: The issue is a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This vulnerability was fixed in version 6.1.7 of the product. Recommendations: F...
EspoCRM Cross-Site Scripting Vulnerability
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM version 6.1.6 and earlier, which stems from a persistent Class II cross-site scripting...
Multiple Open Source Web App Vulnerabilities Fixed
Today, Rapid7 is disclosing 9 vulnerabilities that affect 3 open-source projects: EspoCRM, Pimcore, and Akaunting. Right out of the gate, I'd like to give a special thanks to these 3 open-source project maintainers. While it's never great to learn of new vulnerabilities in your own product, all 3...
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. A...
EspoCRM 5.8.5 - Privilege Escalation
Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT ------------- Details:...
EspoCRM 5.8.5 - Privilege Escalation Vulnerability
Exploit for multiple platform in category web applications Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT...
EspoCRM 5.8.5 Privilege Escalation
Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT ------------- Details:...
EspoCRM Cross-Site Scripting Vulnerability (CNVD-2020-16551)
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.9. The vulnerability stems from the lack of proper...
EspoCRM Cross-Site Scripting Vulnerability (CNVD-2019-30788)
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.9, which can be exploited by an attacker to execute...
EspoCRM Cross-Site Scripting Vulnerability (CNVD-2019-30786)
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.9, which can be exploited by an attacker to execute...
CVE-2019-14548
An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside...