Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
espocrm espocrm vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-13643
Stored XSS in EspoCRM prior to 5.6.4 allows remote malicious users to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clic...
Espocrm Espocrm
6.1
CVSSv3
CVE-2019-14329
An issue exists in EspoCRM prior to 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code.
Espocrm Espocrm
6.1
CVSSv3
CVE-2019-14331
An issue exists in EspoCRM prior to 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code.
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14546
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email sig...
Espocrm Espocrm
5.4
CVSSv3
CVE-2021-3539
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
Espocrm Espocrm
6.1
CVSSv3
CVE-2019-14330
An issue exists in EspoCRM prior to 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code.
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14547
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could injec...
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14548
An issue exists in EspoCRM prior to 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScr...
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14549
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly...
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14550
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard butt...
Espocrm Espocrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »