Lucene search
K

377 matches found

CVE
CVE
added 2019/08/05 6:52 p.m.59 views

CVE-2019-14550

EspoCRM before 5.6.9 is affected by a Stored XSS vulnerability. An attacker can inject malicious JavaScript via the add tab list feature, which executes when a victim clicks Edit Dashboard on the Homepage, enabling cookie theft and account compromise. A fix is available in version 5.6.9 (see link...

5.4CVSS5.1AI score0.0108EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2019/08/05 6:48 p.m.26 views

CVE-2019-14549

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible...

5.2AI score0.0108EPSS
Exploits1References4
CVE
CVE
added 2019/08/05 6:48 p.m.62 views

CVE-2019-14549

EspoCRM prior to v5.6.9 is affected by a stored XSS vulnerability in the title and breadcrumb of newly created entities, potentially stealing cookies when a public link is visited. The underlying issue allows injection of JavaScript by a malicious user into those fields. A fix is available in the...

5.4CVSS5.1AI score0.0108EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2019/07/29 12:0 a.m.3 views

EspoCRM Trust Management Issue Vulnerabilities

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. EspoCRM is vulnerable to a trust management issue. An attacker can exploit this vulnerability to brute-force break a user's...

8.8CVSS6.9AI score0.01263EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/29 12:0 a.m.4 views

EspoCRM Cross-Site Scripting Vulnerability (CNVD-2019-24797)

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.6. The vulnerability stems from the WEB application...

6.1CVSS6.4AI score0.01327EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/29 12:0 a.m.3 views

EspoCRM Cross-Site Scripting Vulnerability (CNVD-2019-24800)

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM version 5.6.4. The vulnerability stems from the WEB application lacking...

6.1CVSS6.4AI score0.00865EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/29 12:0 a.m.2 views

EspoCRM Cross-Site Scripting Vulnerability (CNVD-2019-24801)

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM version 5.6.4. The vulnerability stems from the WEB application lacking...

6.1CVSS6.4AI score0.00865EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/29 12:0 a.m.4 views

EspoCRM cross-site scripting vulnerability (CNVD-2019-24798)

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.6. The vulnerability stems from the WEB application...

6.1CVSS6.4AI score0.01327EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/29 12:0 a.m.3 views

EspoCRM cross-site scripting vulnerability (CNVD-2019-24799)

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.6. The vulnerability stems from the WEB application...

6.1CVSS6.4AI score0.01327EPSS
Exploits1References1
NVD
NVD
added 2019/07/28 4:15 p.m.21 views

CVE-2019-14349

EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user...

6.1CVSS6AI score0.00865EPSS
Exploits1References1
NVD
NVD
added 2019/07/28 4:15 p.m.14 views

CVE-2019-14351

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters...

8.8CVSS8.6AI score0.01263EPSS
Exploits1References1
NVD
NVD
added 2019/07/28 4:15 p.m.26 views

CVE-2019-14350

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation...

6.1CVSS6AI score0.00865EPSS
Exploits1References1
OSV
OSV
added 2019/07/28 4:15 p.m.12 views

CVE-2019-14349

EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user...

6.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2019/07/28 4:15 p.m.11 views

CVE-2019-14350

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation...

6.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2019/07/28 4:15 p.m.14 views

CVE-2019-14351

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters...

8.8CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2019/07/28 4:15 p.m.12 views

Design/Logic Flaw

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation...

4.3CVSS5.9AI score0.00865EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/07/28 4:15 p.m.18 views

Cross site scripting

EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user...

4.3CVSS5.9AI score0.00865EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/28 3:27 p.m.16 views

CVE-2019-14351

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters...

8.6AI score0.01263EPSS
Exploits1References1
CVE
CVE
added 2019/07/28 3:27 p.m.114 views

CVE-2019-14351

EspoCRM 5.6.4 is vulnerable to user password hash enumeration . An authenticated attacker can brute-force a user password hash one symbol at a time using specially crafted api/v1/User?filterList filters. The connected documents confirm the affected product/version and the attack method; no exploi...

8.8CVSS8.5AI score0.01263EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/28 3:26 p.m.21 views

CVE-2019-14350

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation...

6AI score0.00865EPSS
Exploits1References1
Rows per page
Query Builder