Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SalesagilitySuitecrm

4 matches found

CVE
CVEadded 2020/11/06 7:15 p.m.116 views

CVE-2020-28328

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.

9CVSS8.8AI score0.52665EPSS
CVE
CVEadded 2020/11/18 10:15 p.m.41 views

CVE-2020-15300

SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.

6.1CVSS6.1AI score0.00285EPSS
CVE
CVEadded 2020/11/18 10:15 p.m.38 views

CVE-2020-14208

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.

5.4CVSS5AI score0.00154EPSS
CVE
CVEadded 2020/11/18 9:15 p.m.38 views

CVE-2020-15301

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.

7.8CVSS7.7AI score0.00273EPSS