2 matches found
CVE-2025-59428
CVE-2025-59428 affects EspoCRM up to version 9.1.8. A combination of stored SVG injection and missing CSRF protection allows an attacker with Knowledge Base edit permissions to cause arbitrary user creation (including admin accounts) by luring an authenticated user to click a malicious SVG link t...
EspoCRM 跨站请求伪造漏洞
EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. A cross-site request forgery vulnerability exists in EspoCRM versions prior to 9.1.9, which stems from...