68 matches found
EUVD-2022-0500
Malicious code in bioql PyPI...
EUVD-2022-6577
Malicious code in bioql PyPI...
EUVD-2022-7162
Malicious code in bioql PyPI...
EUVD-2022-4809
Malicious code in bioql PyPI...
EUVD-2022-6924
Malicious code in bioql PyPI...
CVE-2022-3000
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-3005
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-2885
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-1411
Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. An attacker can send malicious files to victims, is able to retrieve the stored data from the web application without that data being made safe to render in the browser, and steals the victim's cookie, which leads to...
CVE-2022-2924
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...
CVE-2022-2890
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-0269
Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...
Path Traversal
yetiforce/yetiforce-crm is vulnerable to Path Traversal. The vulnerability is caused by not sanitizing and validating the file path used to load/retrieve file contents in the file LibraryLicense.php. A remote authenticated attacker can exploit this to obtain sensitive information via the...
YetiForceCrm Security Vulnerability
YetiForceCrm is an open source CRM system from the Polish company YetiForce. A security vulnerability exists in YetiForce YetiForceCRM 6.4.0 and earlier versions, which originates from a flaw that allows an authenticated, remote attacker to obtain sensitive information via the license...
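The two entries above describe the same root cause: a user-controlled library name is joined onto a directory and the resulting path is read without validation. The following PHP is an added illustration of that pattern and its fix; it is not YetiForce code and does not reproduce LibraryLicense.php. The function names, the `licenses/<name>/LICENSE` layout and the throwaway directory tree are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern (hypothetical): the caller-supplied $name is concatenated
// onto the base directory and read as-is, so a value such as "../secret"
// walks out of $baseDir and returns whatever file sits there.
function readLicenseVulnerable(string $baseDir, string $name): string
{
    return (string) @file_get_contents($baseDir . '/' . $name . '/LICENSE');
}

// Hardened version: accept only a strict identifier, then verify that the
// canonical path (after ".." and symlink resolution) still lies under the
// canonical base directory. Both checks are needed: the allow-list rejects
// obvious traversal, the realpath comparison catches anything the regex
// did not anticipate (symlinks, encoding tricks).
function readLicenseSafe(string $baseDir, string $name): string
{
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9_.-]*\z/', $name)
        || strpos($name, '..') !== false) {
        throw new InvalidArgumentException('Invalid library name');
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '/LICENSE');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('License not found');
    }
    return (string) file_get_contents($path);
}

// Constructed demo tree: licenses/foo/LICENSE is the legitimate target,
// secret/LICENSE stands in for a sensitive file outside the license directory.
$root = sys_get_temp_dir() . '/lic_demo_' . getmypid();
mkdir("$root/licenses/foo", 0700, true);
mkdir("$root/secret", 0700, true);
file_put_contents("$root/licenses/foo/LICENSE", "MIT\n");
file_put_contents("$root/secret/LICENSE", "db_password=hunter2\n");

$attack = '../secret';

// Legitimate name: both variants return the license text.
var_dump(readLicenseVulnerable("$root/licenses", 'foo'));
var_dump(readLicenseSafe("$root/licenses", 'foo'));

// Traversal: the vulnerable reader hands back the file outside the base
// directory, the hardened reader rejects the name before touching disk.
var_dump(readLicenseVulnerable("$root/licenses", $attack));
try {
    readLicenseSafe("$root/licenses", $attack);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The `strncmp` against `$base . DIRECTORY_SEPARATOR` rather than a bare prefix check matters: a prefix test alone would accept `/var/app/licenses-old/...` as being inside `/var/app/licenses`.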
Cross-site Scripting (XSS)
yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the name attribute in EditViewBlocks.tpl allowing an attacker to inject and execute malicious JavaScript...
GHSA-V9FJ-H8G6-4W9Q YetiForce CRM vulnerable to stored Cross-site Scripting
YetiForce CRM version 6.4.0 and prior is vulnerable to stored cross-site scripting. A patch is available on the developer branch...
CVE-2022-3002
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
Stored Cross-site Scripting (XSS)
yetiforce/yetiforce-crm is vulnerable to stored cross-site scripting (XSS) attacks. The library does not properly escape the content of the title parameter in the WidgetsManagement module, and it is used directly without any encoding or validation in ChartFilter.tpl, allowing an attacker to inject and execut...
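The EditViewBlocks.tpl entry (unescaped `name` attribute) and the ChartFilter.tpl entry (unescaped widget title) above are the two classic output contexts for stored XSS: an attribute value and element text. The PHP below is an added example, not YetiForce code and not taken from either template; it shows the unescaped rendering next to a version that encodes every interpolation, which at the template level corresponds to passing values through Smarty's `|escape` modifier. The function names and the two payloads are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Context-appropriate encoder for HTML text and attribute values.
// ENT_QUOTES encodes both ' and ", so the result is safe inside single- or
// double-quoted attributes as well as in element content; ENT_SUBSTITUTE
// avoids returning an empty string on invalid UTF-8 instead of failing open.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern (hypothetical): stored values are dropped straight into
// the markup, the equivalent of name="{$NAME}" and {$TITLE} in a template.
function renderVulnerable(string $blockName, string $widgetTitle): string
{
    return '<input type="text" name="' . $blockName . '">'
         . '<div class="widgetTitle">' . $widgetTitle . '</div>';
}

// Hardened version: every interpolation is encoded for its context.
function renderSafe(string $blockName, string $widgetTitle): string
{
    return '<input type="text" name="' . h($blockName) . '">'
         . '<div class="widgetTitle">' . h($widgetTitle) . '</div>';
}

// Constructed payloads, one per context:
// - the name value closes the attribute and adds an event handler
// - the title value injects a new element with an event handler
$name  = '" autofocus onfocus="alert(document.cookie)';
$title = '<img src=x onerror="alert(document.cookie)">';

// In the vulnerable output both payloads survive as live markup; in the
// hardened output the quotes and angle brackets arrive as entities and the
// browser renders them as literal text.
echo renderVulnerable($name, $title), "\n";
echo renderSafe($name, $title), "\n";
```

Escaping at the point of output is the fix that actually closes these reports; filtering on input ("sanitizing" the title when it is saved) is easy to bypass and leaves every other template that displays the same field exposed.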