56 matches found
EUVD-2022-6577
Malicious code in bioql PyPI...
EUVD-2022-6924
Malicious code in bioql PyPI...
CVE-2022-3000
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-3005
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-2885
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-1411
Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...
CVE-2022-2924
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...
CVE-2022-2890
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-0269
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0...
Path Traversal
yetiforce/yetiforce-crm is vulnerable to path traversal. The vulnerability is caused by not sanitizing and validating the file path used to load/retrieve file contents in the file LibraryLicense.php. A remote authenticated attacker can exploit this to obtain sensitive information via the...
Cross-site Scripting (XSS)
yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the name attribute in EditViewBlocks.tpl allowing an attacker to inject and execute malicious JavaScript...
YetiForce CRM vulnerable to stored Cross-site Scripting
YetiForce CRM version 6.4.0 and prior is vulnerable to stored cross-site scripting. A patch is available on the developer branch...
GHSA-V9FJ-H8G6-4W9Q YetiForce CRM vulnerable to stored Cross-site Scripting
YetiForce CRM version 6.4.0 and prior is vulnerable to stored cross-site scripting. A patch is available on the developer branch...
CVE-2022-3002
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
Stored Cross-site Scripting (XSS)
yetiforce/yetiforce-crm is vulnerable to stored cross-site scripting (XSS) attacks. The library does not properly escape the content of the title parameter in the WidgetsManagement module, and it is used directly without any encoding or validation in ChartFilter.tpl, allowing an attacker to inject and execut...
Cross-site Scripting (XSS)
yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists because the library type recordModel Text parameter is not properly validated or encoded in the slaPolicy module settings, allowing an attacker to inject and execute malicious JavaScript...
Stored Cross-site Scripting (XSS)
yetiforce/yetiforce-crm is vulnerable to stored cross-site scripting (XSS) attacks. The library does not properly escape the fieldModel-label parameter in LayoutEditor, and it is used directly without any encoding or validation in LayoutEditor/EditField.tpl, allowing an attacker to inject and execute...
GHSA-QWC8-VJH3-GM2J YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the WorkFlow module. A patch is available at commit cd82ecce44d83f1f6c10c7766bf36f3026de024a...
YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the WorkFlow module. A patch is available at commit cd82ecce44d83f1f6c10c7766bf36f3026de024a...