
20 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-2396

Malware in sbrugna...

5.8 CVSS · 5.4 AI score · 0.00106 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/22 8:11 p.m. · 3 views

CVE-2021-39198

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability by which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all...

5.8 CVSS · 6.9 AI score · 0.00106 EPSS
Exploits: 0 · References: 1
Veracode
added 2024/05/22 4:52 a.m. · 6 views

Open Redirect

OroCRM is vulnerable to Open Redirect. The vulnerability is due to improper validation of URLs, allowing attackers to redirect users to external websites...

7 AI score
Exploits: 0
Github Security Blog
added 2024/05/20 2:19 p.m. · 8 views

OroCRM Forced Redirect to External Website

OroCRM is prone to open redirection which could allow attackers to redirect users to external website...

7 AI score
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/05/20 2:19 p.m. · 8 views

GHSA-V8HP-239V-9367 OroCRM Forced Redirect to External Website

OroCRM is prone to open redirection which could allow attackers to redirect users to external website...

6.1 CVSS · 7 AI score
Exploits: 0 · References: 4
Positive Technologies
added 2024/05/20 12:00 a.m. · 1 view

PT-2024-40470 · Orocrm · Orocrm

Name of the Vulnerable Software and Affected Versions: OroCRM affected versions not specified Description: The issue allows attackers to redirect users to an external website due to open redirection. Recommendations: At the moment, there is no information about a newer version that contains a fix...

6.1 CVSS · 6.8 AI score
Exploits: 0 · References: 5
CNNVD
added 2023/11/27 12:00 a.m. · 2 views

OroCRM Access Control Error Vulnerability

OroCrm is an open source customer relationship management (CRM) application from Oro. It is used to create 360° views of customers across multiple channels, organize sales channels, manage account and contact information, communicate with customers, run marketing campaigns and track campaign...

5 CVSS · 6.5 AI score · 0.00195 EPSS
Exploits: 0 · References: 3
NVD
added 2021/11/19 10:15 p.m. · 9 views

CVE-2021-39198

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability by which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all...

5.8 CVSS · 0.00106 EPSS
Exploits: 0 · References: 1
OSV
added 2021/11/19 10:15 p.m. · 6 views

CVE-2021-39198

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability by which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all...

5.4 CVSS · 5.6 AI score
Exploits: 0 · References: 1
Prion
added 2021/11/19 10:15 p.m. · 7 views

Cross site request forgery (csrf)

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability by which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all...

5.8 CVSS · 5.5 AI score · 0.00106 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2021/11/19 9:30 p.m. · 8 views

CVE-2021-39198 The disqualify lead action may be executed without CSRF token check

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability by which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all...

4.2 CVSS · 5.8 AI score · 0.00106 EPSS
Exploits: 0 · References: 1
CVE
added 2021/11/19 9:30 p.m. · 54 views

CVE-2021-39198

CVE-2021-39198 affects OroCRM. Multiple sources confirm a CSRF flaw that allows an attacker to disqualify a Lead via the disqualifyAction without a valid CSRF token. Root cause cited in Veracode advisories as an insufficient permissions check in the action handler. Impact is scalable: leads can ...

5.8 CVSS · 4.8 AI score · 0.00106 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2021/11/19 12:00 a.m. · 1 view

OroCrm Cross-Site Request Forgery Vulnerability

OroCrm is an open source Customer Relationship Management (CRM) application from Oro Corporation. It is used to create 360° views of customers across multiple channels, organize sales channels, manage account and contact information, communicate with customers, run marketing campaigns and track...

5.8 CVSS · 5.6 AI score · 0.00106 EPSS
Exploits: 0 · References: 3
Friends Of PHP
added 2015/07/08 1:51 p.m. · 8 views

Forced Redirect to External Website

More info at https://www.orocrm.com/blog/news/orocrm-security-announcement...

7.2 AI score
Exploits: 0 · Affected Software: 1
Friends Of PHP
added 2015/07/08 1:47 p.m. · 14 views

Forced Redirect to External Website

More info at https://www.orocrm.com/blog/news/orocrm-security-announcement...

7.2 AI score
Exploits: 0 · Affected Software: 1
seebug.org
added 2014/09/18 12:00 a.m. · 36 views

OroCRM - Stored XSS Vulnerability

No description provided by source. Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Author: Provensec Labs...

7.1 AI score
Exploits: 0
Packet Storm
added 2014/09/11 12:00 a.m. · 46 views

OroCRM Cross Site Scripting

Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Author: Provensec Labs Type of vulnerability: XSS Stored...

7.4 AI score
Exploits: 0
exploitpack
added 2014/09/11 12:00 a.m. · 35 views

OroCRM - Persistent Cross-Site Scripting

OroCRM - Persistent Cross-Site Scripting Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Author: Provensec...

6.8 AI score
Exploits: 0
0day.today
added 2014/09/11 12:00 a.m. · 37 views

OroCRM - Stored XSS Vulnerability

Exploit for php platform in category web applications Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Autho...

7.1 AI score
Exploits: 0
Exploit DB
added 2014/09/11 12:00 a.m. · 47 views

OroCRM - Persistent Cross-Site Scripting

Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Author: Provensec Labs Type of vulnerability: XSS Stored...

7.4 AI score
Exploits: 0