Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
daybydaycrm daybyday vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-22112
In DayByDay CRM, versions 1.1 up to and including 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client brow...
Daybydaycrm Daybyday
8.8
CVSSv3
CVE-2022-22113
In DayByDay CRM, versions 2.2.0 up to and including 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the p...
Daybydaycrm Daybyday
5.4
CVSSv3
CVE-2020-35705
Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen.
Daybydaycrm Daybyday 2.1.0
5.4
CVSSv3
CVE-2020-35707
Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.
Daybydaycrm Daybyday 2.1.0
5.4
CVSSv3
CVE-2020-35704
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen.
Daybydaycrm Daybyday 2.1.0
5.4
CVSSv3
CVE-2020-35706
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.
Daybydaycrm Daybyday 2.1.0
4.3
CVSSv3
CVE-2022-22107
In Daybyday CRM, versions 2.0.0 up to and including 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is...
Daybydaycrm Daybyday Crm
4.3
CVSSv3
CVE-2022-22108
In Daybyday CRM, versions 2.0.0 up to and including 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authoriz...
Daybydaycrm Daybyday Crm
7.5
CVSSv3
CVE-2022-22110
In Daybyday CRM, versions 1.1 up to and including 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an mali...
Daybydaycrm Daybyday Crm
5.4
CVSSv3
CVE-2022-22109
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the &ldqu...
Daybydaycrm Daybyday Crm 2.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »