Lucene search
K

9 matches found

Veracode
Veracode
added 2022/10/11 1:15 p.m.17 views

Denial Of Service (DoS)

fatfreecrm is vulnerable to denial of service. The vulnerability exists in bucketempty function of task.rb due to incomplete return statements which allows an attacker to remotely cause an application crash...

6.5CVSS6AI score0.01414EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/10/08 12:0 a.m.40 views

CVE-2022-39281 Remote Denial of Service via Tasks endpoint in fat_free_crm

fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...

6.5CVSS6.6AI score0.01414EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/10/08 12:0 a.m.7 views

CVE-2022-39281 Remote Denial of Service via Tasks endpoint in fat_free_crm

fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...

6.5CVSS6.4AI score0.01414EPSS
Exploits0References3
CVE
CVE
added 2022/10/08 12:0 a.m.89 views

CVE-2022-39281

CVE-2022-39281 affects fat_free_crm before 0.20.1. An authenticated user can trigger a remote Denial of Service via the bucket access in the Tasks endpoint, caused by the Task model’s bucket_empty? logic. The issue has been fixed in commit c85a254 and will be released in 0.20.1; patching is recom...

6.5CVSS6.3AI score0.01414EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/10/08 12:0 a.m.24 views

CVE-2022-39281 Remote Denial of Service via Tasks endpoint in fat_free_crm

fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...

6.5CVSS6.3AI score0.01414EPSS
Exploits0References5
Veracode
Veracode
added 2019/08/21 7:11 a.m.17 views

Cross-site Scripting (XSS)

fatfreecrm is vulnerable to cross-site scripting XSS. The vulnerability exists because it does not escape the string entered for query in app/helpers/tagshelper.rb, allowing an attacker to inject arbitrary script through it...

6.1CVSS2.9AI score0.01246EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2019/07/08 2:54 a.m.20 views

Cross-site Scripting (XSS)

fatfreecrm is vulnerable to cross-site scripting XSS. The vulnerability exists through query in app/helpers/tagshelper.rb...

6.1CVSS5.8AI score0.01687EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2017/05/09 6:31 a.m.13 views

Information Leakage Via Error Pages

fatfreecrm is vulnerable to information leakage via error pages. The vulnerability is possible because considerallrequestslocal is set to true by default in production mode, exposing the server setup information in 404 and 500 error pages...

6.4AI score
Exploits0
Veracode
Veracode
added 2017/05/09 5:31 a.m.10 views

Unauthorised New User Signup

fatfreecrm is susceptible to unauthorised new user signup. The vulnerability exists because userscontroller does not prevent creation of a new user signup using crafted POST request...

6.2AI score
Exploits0
Rows per page
Query Builder