Lucene search
K

57 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-6577

Malicious code in bioql PyPI...

9CVSS7.4AI score0.00725EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-6924

Malicious code in bioql PyPI...

6.3CVSS6AI score0.00512EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:48 p.m.8 views

CVE-2022-3000

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

6.3CVSS5.9AI score0.00529EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:48 p.m.8 views

CVE-2022-3005

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

5.4CVSS5.9AI score0.00512EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.12 views

CVE-2022-2885

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

6.7CVSS6AI score0.00409EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:3 p.m.9 views

CVE-2022-1411

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...

9.1CVSS6.5AI score0.00728EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:32 p.m.7 views

CVE-2022-2924

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...

7.1CVSS5.8AI score0.00626EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:26 p.m.9 views

CVE-2022-2890

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

9CVSS5.8AI score0.00725EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:29 p.m.12 views

CVE-2022-0269

Cross-Site Request Forgery CSRF in Packagist yetiforce/yetiforce-crm prior to 6.3.0...

8CVSS6.8AI score0.00531EPSS
Exploits1References1
Veracode
Veracode
added 2024/02/19 7:47 a.m.21 views

Path Traversal

yetiforce/yetiforce-crm is vulnerable of Path Traversal. The vulnerability is caused due to not sanitizing and validating the file path used to load/retrieve file contents in the file LibraryLicense.php. A remote authenticated attacker can exploit this to obtain sensitive information via the...

6.5CVSS6.1AI score0.0104EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/10/07 6:20 a.m.20 views

Cross-site Scripting (XSS)

yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the name attribute in EditViewBlocks.tpl allowing an attacker to inject and execute malicious JavaScript...

5.4CVSS5.4AI score0.00547EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/10/06 6:52 p.m.23 views

GHSA-V9FJ-H8G6-4W9Q YetiForce CRM vulnerable to stored Cross-site Scripting

YetiForce CRM version 6.4.0 and prior is vulnerable to stored cross-site scripting. A patch is available on the developer branch...

5.4CVSS5AI score0.00547EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/10/06 6:52 p.m.27 views

YetiForce CRM vulnerable to stored Cross-site Scripting

YetiForce CRM version 6.4.0 and prior is vulnerable to stored cross-site scripting. A patch is available on the developer branch...

5.4CVSS5.3AI score0.00547EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/10/06 6:16 p.m.19 views

CVE-2022-3002

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

5.4CVSS0.00547EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/10/06 6:16 p.m.5 views

CVE-2022-3002

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

5.4CVSS6AI score0.00547EPSS
Exploits1References4
Veracode
Veracode
added 2022/09/22 5:1 a.m.16 views

Stored Cross-site Scripting (XSS)

yetiforce/yetiforce-crm is vulnerable to stored cross-site scriptingXSS attacks. The library does not properly escape the content of title parameter in WidgetsManagement module and it is used directly without any encoding or validation on ChartFilter.tpl, allowing an attacker to inject and execut...

5.4CVSS5.2AI score0.00626EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2022/09/22 4:17 a.m.25 views

Cross-site Scripting (XSS)

yetiforce/yetiforce-crm is vulnerable to cross-site scripting. The vulnerability exists because the library type recordModel Text parameter does not properly validate or encode in slaPolicy module settings, allowing an attacker to inject and execute malicious javascript...

5.4CVSS5.4AI score0.00512EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2022/09/21 10:15 a.m.24 views

Stored Cross-site Scripting (XSS)

yetiforce/yetiforce-crm is vulnerable to stored cross-site scriptingXSS attacks. The library does not properly escape fieldModel-label parameter in LayoutEditor and it is used directly without any encoding or validation on LayoutEditor/EditField.tpl, allowing an attacker to inject and execute...

5.4CVSS5.2AI score0.00529EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/09/21 12:0 a.m.28 views

GHSA-MQH9-5JP9-6799 YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the LayoutEditor module. A patch is available at commit eebc12601495ada38495076bec12841b2477516b...

5.4CVSS5.2AI score0.00529EPSS
Exploits1References4
OSV
OSV
added 2022/09/21 12:0 a.m.15 views

GHSA-QWC8-VJH3-GM2J YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the WorkFlow module. A patch is available at commit cd82ecce44d83f1f6c10c7766bf36f3026de024a...

5.4CVSS5.2AI score0.00512EPSS
Exploits1References4
Rows per page
Query Builder