SalesagilitySuitecrm

12 matches found

CVE
added 2021/04/30 10:15 p.m. | 77 views

CVE-2021-31792

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field

CVSS 5.4 | AI score 5.1 | EPSS 0.00379

CVE
added 2020/03/20 1:15 a.m. | 74 views

CVE-2019-18782

SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.

CVSS 5.3 | AI score 5.2 | EPSS 0.00206

CVE
added 2023/11/14 4:15 p.m. | 50 views

CVE-2023-6127

Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

CVSS 5.4 | AI score 5.5 | EPSS 0.00175

CVE
added 2023/11/14 3:15 p.m. | 49 views

CVE-2023-6124

Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.

CVSS 5 | AI score 4.7 | EPSS 0.00131

CVE
added 2024/06/10 3:15 p.m. | 47 views

CVE-2024-36406

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for an open redirect. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

CVSS 5.4 | AI score 5.4 | EPSS 0.00112

CVE
added 2023/11/21 8:15 p.m. | 43 views

CVE-2023-47643

SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, GraphQL Introspection is enabled without authentication, exposing the schema defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire at...

CVSS 5.3 | AI score 4.3 | EPSS 0.43187

CVE
added 2024/11/05 7:15 p.m. | 40 views

CVE-2024-50335

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The "Publish Key" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject malicious JavaScript code. This can be exploited to...

CVSS 5.4 | AI score 5 | EPSS 0.00274

CVE
added 2019/09/27 4:15 p.m. | 39 views

CVE-2019-16922

SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.

CVSS 5.3 | AI score 5.3 | EPSS 0.00237

CVE
added 2020/11/18 10:15 p.m. | 38 views

CVE-2020-14208

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.

CVSS 5.4 | AI score 5 | EPSS 0.00154

CVE
added 2021/10/04 5:15 p.m. | 35 views

CVE-2021-41595

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.

CVSS 5.3 | AI score 5.2 | EPSS 0.00269

CVE
added 2024/02/07 3:15 a.m. | 34 views

CVE-2023-6388

SuiteCRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.

CVSS 5 | AI score 5.2 | EPSS 0.00049

CVE
added 2021/10/04 5:15 p.m. | 33 views

CVE-2021-41596

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

CVSS 5.3 | AI score 5.2 | EPSS 0.00302