Lucene search
+L

28 matches found

NVD
NVD
added 2024/02/16 8:15 a.m.19 views

CVE-2023-49508

Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component...

6.5CVSS5.7AI score0.0104EPSS
Exploits0References3
Prion
Prion
added 2024/02/16 8:15 a.m.17 views

Directory traversal

Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component...

6.3AI score0.0104EPSS
Exploits0References3
CVE
CVE
added 2024/02/16 12:0 a.m.90 views

CVE-2023-49508

CVE-2023-49508 affects YetiForceCRM (YetiForceCRM) versions 6.4.0 and earlier. Affected component is the LibraryLicense.php, where an improper handling of the license parameter enables a directory traversal that allows a remote authenticated attacker to obtain sensitive information. The vulnerabi...

6.5CVSS5.9AI score0.0104EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/02/16 12:0 a.m.16 views

CVE-2023-49508

Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component...

6AI score0.0104EPSS
Exploits0References3
CVE
CVE
added 2022/10/06 12:0 a.m.80 views

CVE-2022-3002

CVE-2022-3002 is a stored XSS vulnerability in YetiForceCRM (yetiforcecrm) prior to version 6.4.0. Multiple sources confirm the issue stems from insufficient input filtering/escaping, enabling attacker-controlled data to be stored and later rendered insecurely. The affected software is YetiForceC...

5.4CVSS5.2AI score0.00563EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/09/20 7:10 a.m.34 views

CVE-2022-3000 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

6.3CVSS5.5AI score0.00529EPSS
Exploits1References2
OSV
OSV
added 2022/09/20 7:10 a.m.31 views

CVE-2022-3000 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

6.3CVSS6.4AI score0.00529EPSS
Exploits1References4
NVD
NVD
added 2022/09/20 6:15 a.m.32 views

CVE-2022-2924

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...

7.1CVSS0.00626EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/09/20 5:25 a.m.39 views

CVE-2022-2924 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...

7.1CVSS5.5AI score0.00626EPSS
Exploits1References2
CVE
CVE
added 2022/09/20 5:25 a.m.82 views

CVE-2022-2924

CVE-2022-2924 affects YetiForce CRM prior to 6.3 with stored XSS in the WidgetsManagement module. The root cause is an unvalidated title parameter that is used directly in Vitger/dashboards/ChartFilter.tpl, enabling injected JavaScript. Remedies: upgrade to 6.3+ or apply the patch referenced by t...

7.1CVSS5.5AI score0.00626EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/08/23 4:15 a.m.29 views

CVE-2022-2829

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

8.8CVSS0.00688EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/08/23 4:0 a.m.30 views

CVE-2022-2829 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

8.8CVSS5.5AI score0.00688EPSS
Exploits1References2
CVE
CVE
added 2022/08/23 4:0 a.m.67 views

CVE-2022-2829

CVE-2022-2829 is a stored XSS in YetiForceCRM prior to version 6.4.0. Several connected sources identify the root cause as improper sanitization in a link field used when importing RSS feeds, allowing injected XML to execute script in the victim’s browser. Public sources consistently describe the...

8.8CVSS5.7AI score0.00688EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/08/23 12:0 a.m.34 views

GHSA-W83M-RGHH-FRXJ Cross site scripting in yetiforce/yetiforce-crm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

5.4CVSS5.2AI score0.00429EPSS
Exploits1References4
OSV
OSV
added 2022/08/23 12:0 a.m.27 views

GHSA-JHXH-68JJ-68C7 Cross site scripting in yetiforce/yetiforce-crm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

5.4CVSS5.2AI score0.00725EPSS
Exploits1References4
CVE
CVE
added 2022/08/22 1:55 p.m.71 views

CVE-2022-2890

CVE-2022-2890 is a stored XSS in YetiforceCRM prior to version 6.4.0. Affected product: YetiforceCRM web application (GitHub repository). Root cause: XSS vulnerability in the application before 6.4.0 (no details on specific input vector provided in the documents). Impact: permits cross-site scrip...

9CVSS5.6AI score0.00725EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/08/22 12:15 p.m.20 views

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

4.9CVSS5.3AI score0.00429EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/22 12:10 p.m.40 views

CVE-2022-1340 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

7CVSS5.5AI score0.00429EPSS
Exploits1References2
OSV
OSV
added 2022/08/22 12:10 p.m.30 views

CVE-2022-1340 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Cross-site Scripting XSS - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0...

7CVSS6.6AI score0.00429EPSS
Exploits1References4
CVE
CVE
added 2022/08/22 12:10 p.m.85 views

CVE-2022-1340

CVE-2022-1340 is a cross-site scripting (XSS) vulnerability in the YetiForce CRM project, present in versions prior to 6.4.0. The issue stems from improper input validation / output encoding in the repository yetiforcecrm, allowing stored XSS via uploaded content or payloads in documents. Impact ...

7CVSS5.5AI score0.00429EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder