Vtiger Crm Security Vulnerabilities


CVE-2016-4834

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

CVSS: 8.1 | AI Score: 7.5 | EPSS: 0.002

2016-08-01 02:59 AM

CVE-2018-8047

vtiger CRM 7.0.1, and probably prior versions, is affected by one reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter).

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001

2019-06-06 07:29 PM

CVE-2019-11057

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.

CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.003

2019-05-17 05:29 PM

CVE-2019-19202

In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.

CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001

2019-11-21 08:15 PM

CVE-2019-5009

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave ...

CVSS: 7.2 | AI Score: 7 | EPSS: 0.07

2019-01-04 02:29 PM

CVE-2020-19362

Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2021-01-20 01:15 AM

CVE-2020-19363

Vtiger CRM v7.2.0 allows an attacker to display hidden files and list directories by using the /libraries and /layout directories.

CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.002

2021-01-20 01:15 AM

CVE-2020-22807

An issue was discovered in Vtiger CRM 7.2: UNION SQL injection in the calendar exportdata feature.

CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.003

2021-04-29 07:15 PM

CVE-2022-38335

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001

2022-09-27 11:15 PM

CVE-2023-38891

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.

CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001

2023-09-14 11:15 PM

CVE-2024-44776

An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL.

CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.001

2024-08-29 06:15 PM

CVE-2024-44777

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

CVSS: 9.6 | AI Score: 6 | EPSS: 0.002

2024-08-29 06:15 PM

CVE-2024-44778

A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

CVSS: 9.6 | AI Score: 6 | EPSS: 0.002

2024-08-29 06:15 PM

CVE-2024-44779

A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

CVSS: 9.6 | AI Score: 5.8 | EPSS: 0.002

2024-08-29 06:15 PM

Total number of security vulnerabilities: 64