Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SalesagilitySuitecrm

13 matches found

CVE
CVEadded 2022/03/07 1:15 p.m.77 views

CVE-2022-0756

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

6.5CVSS5.9AI score0.00235EPSS
CVE
CVEadded 2019/09/30 1:15 p.m.74 views

CVE-2019-14752

SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS.

6.1CVSS6.3AI score0.00312EPSS
CVE
CVEadded 2023/11/14 4:15 p.m.52 views

CVE-2023-6128

Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

6.8CVSS5.5AI score0.0016EPSS
CVE
CVEadded 2020/02/13 4:15 p.m.47 views

CVE-2020-8804

SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.

6.5CVSS7AI score0.00354EPSS
CVE
CVEadded 2024/06/10 10:15 p.m.47 views

CVE-2024-36419

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the issue.

6.1CVSS5.4AI score0.00198EPSS
CVE
CVEadded 2024/06/10 5:16 p.m.44 views

CVE-2024-36407

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is a...

6.5CVSS5.4AI score0.0021EPSS
CVE
CVEadded 2020/11/18 10:15 p.m.41 views

CVE-2020-15300

SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.

6.1CVSS6.1AI score0.00285EPSS
CVE
CVEadded 2024/11/05 7:15 p.m.41 views

CVE-2024-49773

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. current_post parameter in export entry point can be abused...

6.5CVSS5.7AI score0.00066EPSS
CVE
CVEadded 2021/08/18 1:15 a.m.39 views

CVE-2021-39267

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution (suc...

6.1CVSS6AI score0.00723EPSS
CVE
CVEadded 2021/12/28 2:15 p.m.38 views

CVE-2021-45903

A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.

6.1CVSS5.8AI score0.00723EPSS
CVE
CVEadded 2021/08/18 1:15 a.m.37 views

CVE-2021-39268

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed.

6.1CVSS5.8AI score0.00411EPSS
CVE
CVEadded 2019/04/05 4:29 p.m.34 views

CVE-2018-20816

An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script...

6.1CVSS6AI score0.00186EPSS
CVE
CVEadded 2018/09/26 5:29 p.m.31 views

CVE-2018-15606

An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message.

6.1CVSS5.9AI score0.00301EPSS