377 matches found
CVE-2019-13643
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...
Cross site scripting
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...
CVE-2019-13643
EspoCRM before 5.6.4 is affected by a stored XSS vulnerability. A malicious payload can be stored in a new stream message and later triggered by clicking a link on the Notifications page, allowing remote execution of JavaScript in the victim’s browser. Root cause is a stored XSS in the stream mes...
CVE-2018-17302
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /Email/view saved draft message...
CVE-2018-17301
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /Account in the search panel...
Cross site scripting
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /Email/view saved draft message...
Cross site scripting
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /Account in the search panel...
CVE-2018-17302
CVE-2018-17302 corresponds to a stored XSS in EspoCRM 5.3.6. The vulnerability is in views/fields/wysiwyg.js and is exploitable via the URL fragment /#Email/view (saved draft message). The available sources consistently describe a stored XSS condition affecting EspoCRM 5.3.6; no further details o...
CVE-2018-17301
CVE-2018-17301 — EspoCRM 5.3.6 has a reflected XSS in the file client/res/templates/global-search/name-field.tpl, exploitable via the /#Account search panel. The vulnerability stems from improper handling of user-supplied input in the global search name field, allowing injection of arbitrary Jav...
EspoCRM Cross-Site Scripting Vulnerability
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in the views/fields/wysiwyg.js file in EspoCRM version 5.3.6. A remote attacker can...
EspoCRM Cross-Site Scripting Vulnerability (CNVD-2018-20109)
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in the client/res/templates/global-search/name-field.tpl file in EspoCRM version 5.3....
Multiple vulnerabilities in EspoCRM
Advisory ID: HTB23238 Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical details Vendor Notification: October 8, 2014 Vendor Patch: October 10, 2014 Public Disclosure: October...
CVE-2014-7987
Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php...
CVE-2014-7986
install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter...
CVE-2014-7985
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php...