28 matches found
CVE-2023-49508
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component...
Directory traversal
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component...
CVE-2023-49508
CVE-2023-49508 affects YetiForceCRM (YetiForceCRM) versions 6.4.0 and earlier. Affected component is the LibraryLicense.php, where an improper handling of the license parameter enables a directory traversal that allows a remote authenticated attacker to obtain sensitive information. The vulnerabi...
CVE-2023-49508
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component...
CVE-2022-3002
CVE-2022-3002 is a stored XSS vulnerability in YetiForceCRM (yetiforcecrm) prior to version 6.4.0. Multiple sources confirm the issue stems from insufficient input filtering/escaping, enabling attacker-controlled data to be stored and later rendered insecurely. The affected software is YetiForceC...
CVE-2022-3000 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-3000 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-2924
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...
CVE-2022-2924 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...
CVE-2022-2924
CVE-2022-2924 affects YetiForce CRM prior to 6.3 with stored XSS in the WidgetsManagement module. The root cause is an unvalidated title parameter that is used directly in Vitger/dashboards/ChartFilter.tpl, enabling injected JavaScript. Remedies: upgrade to 6.3+ or apply the patch referenced by t...
CVE-2022-2829
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-2829 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-2829
CVE-2022-2829 is a stored XSS in YetiForceCRM prior to version 6.4.0. Several connected sources identify the root cause as improper sanitization in a link field used when importing RSS feeds, allowing injected XML to execute script in the victim’s browser. Public sources consistently describe the...
GHSA-W83M-RGHH-FRXJ Cross site scripting in yetiforce/yetiforce-crm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
GHSA-JHXH-68JJ-68C7 Cross site scripting in yetiforce/yetiforce-crm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-2890
CVE-2022-2890 is a stored XSS in YetiforceCRM prior to version 6.4.0. Affected product: YetiforceCRM web application (GitHub repository). Root cause: XSS vulnerability in the application before 6.4.0 (no details on specific input vector provided in the documents). Impact: permits cross-site scrip...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-1340 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-1340 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...
CVE-2022-1340
CVE-2022-1340 is a cross-site scripting (XSS) vulnerability in the YetiForce CRM project, present in versions prior to 6.4.0. The issue stems from improper input validation / output encoding in the repository yetiforcecrm, allowing stored XSS via uploaded content or payloads in documents. Impact ...