
5 matches found

Veracode
added 2022/09/22 5:01 a.m. · 15 views

Stored Cross-site Scripting (XSS)

yetiforce/yetiforce-crm is vulnerable to stored cross-site scripting (XSS) attacks. The library does not properly escape the content of the title parameter in the WidgetsManagement module, and the value is used directly, without any encoding or validation, in ChartFilter.tpl, allowing an attacker to inject and execut...

CVSS 5.4 · AI score 5.2 · EPSS 0.00346
Exploits 1 · References 3 · Affected Software 1
OSV
added 2022/09/21 12:00 a.m. · 18 views

GHSA-2QF8-H7PR-X2R8 YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the WidgetsManagement module. A patch is available at commit b716ecea340783b842498425faa029800bd30420...

CVSS 5.4 · AI score 5.2 · EPSS 0.00346
Exploits 1 · References 4
Positive Technologies
added 2022/09/20 12:00 a.m. · 1 view

PT-2022-19489 · Yetiforce · Yetiforcecrm

Name of the Vulnerable Software and Affected Versions: YetiForce CRM versions prior to 6.3; YetiForce CRM versions 6.4.0 and prior. Description: The issue is related to Cross-site Scripting (XSS) - Stored, which affects the GitHub repository yetiforcecompany/yetiforcecrm. The WidgetsManagement module...

CVSS 7.1 · AI score 5.5 · EPSS 0.00346
Exploits 1 · References 9
CNNVD
added 2022/09/20 12:00 a.m. · 1 view

YetiForceCrm Cross-Site Scripting Vulnerability

YetiForceCrm is an open source CRM system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.3; it stems from the title parameter of the WidgetsManagement module in Settings not being validated and being used directly in...

CVSS 7.1 · AI score 6.5 · EPSS 0.00346
Exploits 1 · References 3
Huntr
added 2022/08/19 6:00 p.m. · 20 views

Persistent Cross Site Scripting - WidgetsManagement Module - Settings

Description: The application uses Purifier to avoid Cross Site Scripting attacks. However, on the WidgetsManagement module from Settings, the "title" parameter is not validated and it's used directly without any encoding or validation on Vitger/dashboards/ChartFilter.tpl. It allows an attacker to injec...

CVSS 4.9 · AI score 0.3 · EPSS 0.00346
Exploits 1