Espocrm@5.6.4 Security Vulnerabilities and Issues — Espocrm@5.6.4 CVE List

Lucene search

EspocrmEspocrm5.6.4

3 matches found

CVE•added 2019/07/28 4:15 p.m.•95 views

CVE-2019-14350

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2019/07/28 4:15 p.m.•93 views

CVE-2019-14349

EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user op...

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2019/07/28 4:15 p.m.•93 views

CVE-2019-14351

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.

8.8CVSS8.5AI score0.00606EPSS