Lucene search
+L

22 matches found

Snyk
Snyk
added 2026/05/07 5:35 p.m.9 views

Cross-site Scripting (XSS)

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in th...

6.1CVSS5.8AI score0.0021EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/30 6:22 p.m.7 views

Arbitrary Code Injection

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the compose email...

9.2CVSS6.2AI score0.00567EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 4:15 p.m.12 views

Authorization Bypass Through User-Controlled Key

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in...

8.6CVSS5.8AI score0.00351EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/14 4:14 p.m.11 views

Access Control Bypass

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Access Control Bypass in the LeadController.php...

8.6CVSS5.8AI score0.00351EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/14 4:14 p.m.10 views

Authorization Bypass Through User-Controlled Key

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in...

8.8CVSS5.8AI score0.00624EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/14 4:14 p.m.17 views

Arbitrary Code Injection

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /admin/tinymce/uplo...

9.9CVSS6.7AI score0.02759EPSS
Exploits11References2
Snyk
Snyk
added 2026/04/14 4:14 p.m.14 views

Server-side Request Forgery (SSRF)

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the...

8.5CVSS5.8AI score0.00249EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 4:14 p.m.9 views

SQL Injection

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to SQL Injection via the rottenlead parameter in the...

7.1CVSS5.9AI score0.00191EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.6 views

CVE-2026-5370

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

5.1CVSS4.4AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 6:31 p.m.8 views

EUVD-2026-18484

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

5.1CVSS4.3AI score0.00203EPSS
Exploits0References8
OSV
OSV
added 2026/04/02 6:31 p.m.12 views

GHSA-9M2V-HC5G-5JPV Krayin CRM is vulnerable to Cross-site Scripting (XSS)

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

5.1CVSS4.4AI score0.00203EPSS
Exploits0References8
NVD
NVD
added 2026/04/02 6:16 p.m.6 views

CVE-2026-5370

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

5.1CVSS0.00203EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:30 p.m.4 views

CVE-2026-5370

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

5.1CVSS4.3AI score0.00203EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 5:30 p.m.3 views

CVE-2026-5370 krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

5.1CVSS4.4AI score0.00203EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/02 5:30 p.m.25 views

CVE-2026-5370 krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

5.1CVSS0.00203EPSS
Exploits0References7
OSV
OSV
added 2026/04/02 5:30 p.m.4 views

CVE-2026-5370 krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References9
CVE
CVE
added 2026/04/02 5:30 p.m.22 views

CVE-2026-5370

The vulnerability CVE-2026-5370 affects krayin laravel-crm up to 2.2 . The issue is in the Activities Module/Notes Module specifically the function composeMail in the file path shown, where manipulation leads to cross-site scripting . Remote exploitation is possible and the exploit is publicly av...

5.1CVSS4.3AI score0.00203EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.11 views

PT-2026-29860

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

5.1CVSS4.3AI score0.00203EPSS
Exploits0References8
Snyk
Snyk
added 2025/04/14 1:44 p.m.12 views

Cross-site Scripting (XSS)

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the storeMedia function...

5.4CVSS5.4AI score0.00383EPSS
Exploits2References2
Snyk
Snyk
added 2024/10/07 6:31 p.m.4 views

Cross-site Scripting (XSS)

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the organization name...

7.1CVSS5.4AI score0.00397EPSS
Exploits1References2
Rows per page
Query Builder