CVSS: 5.4, AI Score: 5.1, EPSS: 0.001
CVSS: 5.4, AI Score: 5.1, EPSS: 0.001
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.
CVSS: 5.4, AI Score: 5.1, EPSS: 0.001
Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.
CVSS: 5.4, AI Score: 5.1, EPSS: 0.001
DayByDay CRM versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low-privileged attacker can input template injection payloads at various locations in the application to execute JavaScript in the client browser.
CVSS: 5.4, AI Score: 5.8, EPSS: 0.001
DayByDay CRM versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user who was already logged in will still have access to the application even after the password change.
CVSS: 8.8, AI Score: 8.7, EPSS: 0.001