1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
5.4CVSS
5.1AI Score
0.001EPSS
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL.
8.6CVSS
8.2AI Score
0.01EPSS