377 matches found

Positive Technologies
added 2022/09/16 12:0 a.m. · 5 views

PT-2022-24595 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.1.8 Description: The issue allows remote users to run malicious JavaScript in a victim's browser via sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the...

CVSS 6.1 · AI score 6 · EPSS 0.00626
Exploits: 1 · References: 6

Positive Technologies
added 2022/09/16 12:0 a.m. · 8 views

PT-2022-24594 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.1.8 Description: The issue allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. An admin user exporting contacts in a CSV file may end up executi...

CVSS 8 · AI score 7.5 · EPSS 0.01138
Exploits: 1 · References: 6

CNNVD
added 2022/09/16 12:0 a.m. · 4 views

EspoCRM Cross-Site Scripting Vulnerability

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM version 7.1.8, which stems from an import feature that contains cross-site scripting...

CVSS 6.1 · AI score 6 · EPSS 0.00626
Exploits: 1 · References: 2

NVD
added 2021/08/04 11:15 p.m. · 15 views

CVE-2021-3539

EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...

CVSS 6.3 · EPSS 0.00543
Exploits: 0 · References: 1

OSV
added 2021/08/04 11:15 p.m. · 12 views

CVE-2021-3539

EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

Prion
added 2021/08/04 11:15 p.m. · 19 views

Cross site scripting

EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...

CVSS 3.5 · AI score 5.3 · EPSS 0.00543
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2021/08/04 10:20 p.m. · 227 views

CVE-2021-3539

CVE-2021-3539 affects EspoCRM 6.1.6 and earlier, with a persistent (type II) cross-site scripting (XSS) vulnerability in handling user-supplied avatar images. The issue is fixed in version 6.1.7. The connected documents corroborate the vulnerability and the fix; no exploit details are provided. R...

CVSS 6.3 · AI score 5.8 · EPSS 0.00543
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/08/04 10:20 p.m. · 27 views

CVE-2021-3539 EspoCRM Avatar Persistent XSS

EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...

CVSS 6.3 · AI score 6.1 · EPSS 0.00543
Exploits: 0 · References: 1

Positive Technologies
added 2021/08/04 12:0 a.m. · 2 views

PT-2021-20904 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions 6.1.6 and prior Description: The issue is a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This vulnerability was fixed in version 6.1.7 of the product. Recommendations: F...

CVSS 8.1 · AI score 5.9 · EPSS 0.00961
Exploits: 0 · References: 15

CNNVD
added 2021/08/04 12:0 a.m. · 6 views

EspoCRM Cross-Site Scripting Vulnerability

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM version 6.1.6 and earlier, which stems from a persistent Class II cross-site scripting...

CVSS 6.3 · AI score 6.4 · EPSS 0.00543
Exploits: 0 · References: 2

Rapid7 Blog
added 2021/07/27 2:30 p.m. · 360 views

Multiple Open Source Web App Vulnerabilities Fixed

Today, Rapid7 is disclosing 9 vulnerabilities that affect 3 open-source projects: EspoCRM, Pimcore, and Akaunting. Right out of the gate, I'd like to give a special thanks to these 3 open-source project maintainers. While it's never great to learn of new vulnerabilities in your own product, all 3...

CVSS 9 · AI score 8.1 · EPSS 0.01499
Exploits: 8

ATTACKERKB
added 2021/07/27 1:5 p.m. · 4 views

CVE-2021-3539

EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...

CVSS 6.3 · AI score 5.1 · EPSS 0.00543
Exploits: 0 · References: 2 · Affected Software: 1

The Hacker News
added 2021/07/27 1:1 p.m. · 106 views

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. A...

CVSS 9.1 · AI score 7.8 · EPSS 0.01499
Exploits: 8

Exploit DB
added 2020/04/24 12:0 a.m. · 182 views

EspoCRM 5.8.5 - Privilege Escalation

Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT ------------- Details:...

AI score 7.4
Exploits: 0

0day.today
added 2020/04/24 12:0 a.m. · 24 views

EspoCRM 5.8.5 - Privilege Escalation Vulnerability

Exploit for multiple platform in category web applications Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT...

AI score 0.3
Exploits: 0

Packet Storm
added 2020/04/24 12:0 a.m. · 85 views

EspoCRM 5.8.5 Privilege Escalation

Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT ------------- Details:...

AI score 0.5
Exploits: 0

CNVD
added 2019/08/06 12:0 a.m. · 2 views

EspoCRM Cross-Site Scripting Vulnerability (CNVD-2020-16551)

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.9. The vulnerability stems from the lack of proper...

CVSS 5.4 · AI score 6.4 · EPSS 0.0108
Exploits: 1 · References: 1

CNVD
added 2019/08/06 12:0 a.m. · 2 views

EspoCRM Cross-Site Scripting Vulnerability (CNVD-2019-30788)

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.9, which can be exploited by an attacker to execute...

CVSS 5.4 · AI score 6.4 · EPSS 0.0108
Exploits: 1 · References: 1

CNVD
added 2019/08/06 12:0 a.m. · 8 views

EspoCRM Cross-Site Scripting Vulnerability (CNVD-2019-30786)

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.9, which can be exploited by an attacker to execute...

CVSS 5.4 · AI score 6.4 · EPSS 0.0108
Exploits: 1 · References: 1

NVD
added 2019/08/05 7:15 p.m. · 22 views

CVE-2019-14548

An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside...

CVSS 5.4 · AI score 5.2 · EPSS 0.0108
Exploits: 1 · References: 4