CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Zurmo is the United States Zurmo company's set of PHP-based open source customer relationship management system CRM. A cross-site scripting vulnerability exists in Zurmo version 3.2.7-2. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attack...

6.1CVSS6.4AI score0.0024EPSS

Exploits1References1

NVD•added 2019/08/01 3:15 p.m.•12 views

CVE-2019-14472

Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATHINFO...

6.1CVSS6.1AI score0.0024EPSS

Exploits1References1

OSV•added 2019/08/01 3:15 p.m.•0 views

CVE-2019-14472

Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATHINFO...

6.1CVSS5.8AI score

Exploits0References1

Prion•added 2019/08/01 3:15 p.m.•11 views

Default credentials

Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATHINFO...

4.3CVSS6AI score0.0024EPSS

Exploits1References1Affected Software1

CVE•added 2019/08/01 2:6 p.m.•37 views

CVE-2019-14472

CVE-2019-14472 affects Zurmo 3.2.7-2, with a cross-site scripting (XSS) vulnerability exploitable through the PATH_INFO entry (app/index.php/zurmo/default). The root cause, as reflected in CNVD-2019-26160, Red Hat and CNVD entries, points to insufficient input/data validation that allows injectio...

6.1CVSS6AI score0.0024EPSS

Exploits1References1Affected Software1

Cvelist•added 2019/08/01 2:6 p.m.•11 views

CVE-2019-14472

Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATHINFO...

6.1AI score0.0024EPSS

Exploits1References1

Packet Storm•added 2019/07/26 12:0 a.m.•94 views

Zurmo 3.2.6 Out Of Band Code Evaluation

Out of Band Code Evaluation Vulnerability in Zurmo 3.2.6 Information -------------------- Advisory by Netsparker Name: Out of Band Code Evaluation in Zurmo Affected Software: Zurmo Affected Versions: 3.2.6 Homepage: http://zurmo.org Vulnerability: Out of Band Code Evaluation Severity: Critical...

Exploits0

Packet Storm•added 2019/07/26 12:0 a.m.•126 views

Zurmo 3.2.6 Persistent Cross Site Scripting

Stored Cross-site Scripting Vulnerability in Zurmo 3.2.6 Information -------------------- Advisory by Netsparker Name: Stored Cross-site Scripting in Zurmo Affected Software: Zurmo Affected Versions: 3.2.6 Homepage: http://zurmo.org Vulnerability: Stored Cross-site Scripting Severity: Medium...

7.4AI score

Exploits0

Packet Storm•added 2019/07/26 12:0 a.m.•134 views

Zurmo 3.2.6 Iframe Injection

Frame Injection Vulnerability in Zurmo 3.2.6 Information -------------------- Advisory by Netsparker Name: Frame Injection in Zurmo Affected Software: Zurmo Affected Versions: 3.2.6 Homepage: http://zurmo.org Vulnerability: Frame Injection Severity: Medium Status: Not Fixed Netsparker Advisory...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by