Suitecrm@7.11.0 Security Vulnerabilities and Issues — Suitecrm@7.11.0 CVE List

Lucene search

SalesagilitySuitecrm7.11.0

5 matches found

CVE•added 2021/12/28 2:15 p.m.•40 views

CVE-2021-45903

A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.

6.1CVSS5.8AI score0.00723EPSS

CVE•added 2021/10/04 7:15 a.m.•39 views

CVE-2021-41869

SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.

8.8CVSS8.7AI score0.00883EPSS

CVE•added 2021/10/04 5:15 p.m.•36 views

CVE-2021-41595

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.

5.3CVSS5.2AI score0.00269EPSS

CVE•added 2021/09/29 2:15 p.m.•34 views

CVE-2021-25961

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.

8CVSS7.9AI score0.00334EPSS

CVE•added 2021/10/04 5:15 p.m.•34 views

CVE-2021-41596

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

5.3CVSS5.2AI score0.00302EPSS