Fat Free Crm Security Vulnerabilities and Issues — Fat Free Crm CVE List

Lucene search

FatfreecrmFat Free Crm

4 matches found

CVE•added 2019/06/10 11:29 p.m.•108 views

CVE-2019-10226

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a XSS protection mech...

5.4CVSS5.2AI score0.02501EPSS

CVE•added 2014/01/02 2:59 p.m.•45 views

CVE-2013-7249

Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.

5CVSS6.1AI score0.00667EPSS

CVE•added 2014/01/02 2:59 p.m.•44 views

CVE-2013-7224

Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.

5CVSS6.1AI score0.0059EPSS

CVE•added 2014/01/02 2:59 p.m.•41 views

CVE-2013-7222

config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.

5CVSS6.8AI score0.00873EPSS