Lucene search
K
Small Crm ProjectSmall Crm

7 matches found

CVE
CVE
added 2023/10/04 12:0 a.m.55 views

CVE-2023-44075

CVE-2023-44075 is a reported Cross Site Scripting vulnerability in Small CRM for PHP v3.0. The issue arises in the Address parameter and can let a remote attacker execute arbitrary code when exploiting the vulnerability. Documented impact ranges from constructive code execution to potential confi...

5.4CVSS5.8AI score0.00504EPSS
CVE
CVE
added 2023/10/20 12:0 a.m.54 views

CVE-2023-45394

The CVE-2023-45394 issue affects Small CRM v3.0, described as a Stored Cross-Site Scripting (XSS) vulnerability in the Company field of the "Request a Quote" section. The root cause is unsafely handling input in that field, enabling an attacker to store and execute malicious JavaScript in the Adm...

5.4CVSS5.2AI score0.00359EPSS
CVE
CVE
added 2023/12/29 12:0 a.m.54 views

CVE-2023-50035

CVE-2023-50035 affects PHPGurukul Small CRM 3.0. The issue is a SQL Injection in the Users login panel caused by directly using the password parameter in SQL queries without sanitization, enabling payload execution. The CVSSv3.1 base score is 9.8 (CRITICAL). Some connected sources (PT Security) d...

9.8CVSS9.7AI score0.00629EPSS
CVE
CVE
added 2023/01/25 12:0 a.m.53 views

CVE-2022-47073

CVE-2022-47073 describes a cross-site scripting (XSS) vulnerability in Small CRM v3.0, specifically on the Create Ticket page where a crafted payload injected into the Subject parameter can execute arbitrary web scripts/HTML. The issue arises from improper handling of the Subject input, enabling ...

5.4CVSS5.3AI score0.00617EPSS
CVE
CVE
added 2020/01/08 5:41 p.m.52 views

CVE-2020-5511

PHPGurukul Small CRM v2.0 is vulnerable to an authentication bypass via SQL injection on the administrator login page. The root cause is lack of validation of externally entered SQL statements in the /in***.php file (v2.0). This can permit unauthorized access to the admin area, with potential fur...

8.8CVSS9.2AI score0.0174EPSS
CVE
CVE
added 2023/09/26 12:0 a.m.42 views

CVE-2023-43331

CVE-2023-43331 is an XSS in the Add User function of Small CRM v3.0, exploited by injecting crafted payloads into the Name field. Affected: Small CRM v3.0 (Add User/Name field). Root cause: inadequate input sanitization leading to script/HTML execution. Public metrics indicate CVSS v3.1 base scor...

5.4CVSS5.3AI score0.00461EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.37 views

CVE-2023-34650

CVE-2023-34650 affects PHPgurukl Small CRM v1.0. Multiple connected sources indicate a Cross-Site Scripting (XSS) vulnerability, with CNNVD describing it as a stored XSS issue. NVD lists a CVSS v3.1 base score of 6.1 (Medium) and notes the attack vector is network with user interaction required. ...

6.1CVSS6.1AI score0.00493EPSS