
377 matches found

NVD
added 2019/07/18 3:15 a.m. | 30 views

CVE-2019-13643

Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...

CVSS 6.1 | AI score 6.2 | EPSS 0.0114
Exploits: 1 | References: 2
Prion
added 2019/07/18 3:15 a.m. | 18 views

Cross site scripting

Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...

CVSS 4.3 | AI score 6.1 | EPSS 0.0114
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2019/07/18 2:17 a.m. | 49 views

CVE-2019-13643

EspoCRM before 5.6.4 is affected by a stored XSS vulnerability. A malicious payload can be stored in a new stream message and later triggered by clicking a link on the Notifications page, allowing remote execution of JavaScript in the victim’s browser. Root cause is a stored XSS in the stream mes...

CVSS 6.1 | AI score 6 | EPSS 0.0114
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2019/07/18 2:17 a.m. | 20 views

CVE-2019-13643

Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...

AI score 6.2 | EPSS 0.0114
Exploits: 1 | References: 2
NVD
added 2018/09/21 7:29 a.m. | 21 views

CVE-2018-17302

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /Email/view saved draft message...

CVSS 5.4 | AI score 5.2 | EPSS 0.00632
Exploits: 1 | References: 2
NVD
added 2018/09/21 7:29 a.m. | 30 views

CVE-2018-17301

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /Account in the search panel...

CVSS 5.4 | AI score 5.3 | EPSS 0.00674
Exploits: 1 | References: 2
OSV
added 2018/09/21 7:29 a.m. | 16 views

CVE-2018-17302

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /Email/view saved draft message...

CVSS 5.4 | AI score 5.8 | EPSS 0.00632
Exploits: 1 | References: 2
OSV
added 2018/09/21 7:29 a.m. | 17 views

CVE-2018-17301

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /Account in the search panel...

CVSS 5.4 | AI score 6 | EPSS 0.00674
Exploits: 1 | References: 2
Prion
added 2018/09/21 7:29 a.m. | 12 views

Cross site scripting

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /Email/view saved draft message...

CVSS 3.5 | AI score 5.2 | EPSS 0.00632
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2018/09/21 7:29 a.m. | 8 views

Cross site scripting

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /Account in the search panel...

CVSS 3.5 | AI score 5.2 | EPSS 0.00674
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2018/09/21 6:0 a.m. | 23 views

CVE-2018-17301

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /Account in the search panel...

AI score 5.3 | EPSS 0.00674
Exploits: 1 | References: 2
Cvelist
added 2018/09/21 6:0 a.m. | 18 views

CVE-2018-17302

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /Email/view saved draft message...

AI score 5.2 | EPSS 0.00632
Exploits: 1 | References: 2
CVE
added 2018/09/21 6:0 a.m. | 51 views

CVE-2018-17302

CVE-2018-17302 corresponds to a stored XSS in EspoCRM 5.3.6. The vulnerability is in views/fields/wysiwyg.js and is exploitable via the URL fragment /#Email/view (saved draft message). The available sources consistently describe a stored XSS condition affecting EspoCRM 5.3.6; no further details o...

CVSS 5.4 | AI score 5.1 | EPSS 0.00632
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2018/09/21 6:0 a.m. | 38 views

CVE-2018-17301

CVE-2018-17301 — EspoCRM 5.3.6 has a reflected XSS in the file client/res/templates/global-search/name-field.tpl, exploitable via the /#Account search panel. The vulnerability stems from improper handling of user-supplied input in the global search name field, allowing injection of arbitrary Jav...

CVSS 5.4 | AI score 5.2 | EPSS 0.00674
Exploits: 1 | References: 2 | Affected Software: 1
CNVD
added 2018/09/21 12:0 a.m. | 2 views

EspoCRM Cross-Site Scripting Vulnerability

EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in the views/fields/wysiwyg.js file in EspoCRM version 5.3.6. A remote attacker can...

CVSS 5.4 | AI score 5.6 | EPSS 0.00632
Exploits: 1 | References: 1
CNVD
added 2018/09/21 12:0 a.m. | 3 views

EspoCRM Cross-Site Scripting Vulnerability (CNVD-2018-20109)

EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in the client/res/templates/global-search/name-field.tpl file in EspoCRM version 5.3....

CVSS 5.4 | AI score 5.6 | EPSS 0.00674
Exploits: 1 | References: 1
securityvulns
added 2014/11/03 12:0 a.m. | 101 views

Multiple vulnerabilities in EspoCRM

Advisory ID: HTB23238; Product: EspoCRM; Vendor: http://www.espocrm.com; Vulnerable Versions: 2.5.2 and probably prior; Tested Version: 2.5.2; Advisory Publication: October 8, 2014 without technical details; Vendor Notification: October 8, 2014; Vendor Patch: October 10, 2014; Public Disclosure: October...

CVSS 10 | AI score 0.1 | EPSS 0.05026
Exploits: 5
NVD
added 2014/10/31 2:55 p.m. | 17 views

CVE-2014-7987

Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php...

CVSS 4.3 | AI score 5.6 | EPSS 0.02174
Exploits: 3 | References: 5
NVD
added 2014/10/31 2:55 p.m. | 22 views

CVE-2014-7986

install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter...

CVSS 5 | AI score 6.4 | EPSS 0.02858
Exploits: 3 | References: 5
NVD
added 2014/10/31 2:55 p.m. | 19 views

CVE-2014-7985

Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php...

CVSS 10 | AI score 7 | EPSS 0.05026
Exploits: 3 | References: 5