Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
espocrm espocrm - vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-14550
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard butt...
Espocrm Espocrm
6.5
CVSSv3
CVE-2023-46736
EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to `the /Attachment/fromImageUrl` endpoint can specify URL to point t...
Espocrm Espocrm
6.1
CVSSv3
CVE-2019-14330
An issue exists in EspoCRM prior to 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code.
Espocrm Espocrm
5.4
CVSSv3
CVE-2021-3539
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
Espocrm Espocrm
6.1
CVSSv3
CVE-2019-13643
Stored XSS in EspoCRM prior to 5.6.4 allows remote malicious users to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clic...
Espocrm Espocrm
7.2
CVSSv3
CVE-2023-5965
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.
Espocrm Espocrm
1 Github repository
7.2
CVSSv3
CVE-2023-5966
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.
Espocrm Espocrm
1 Github repository
5.4
CVSSv3
CVE-2019-14549
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly...
Espocrm Espocrm
NA
CVE-2014-7985
Directory traversal vulnerability in EspoCRM prior to 2.6.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Espocrm Espocrm
NA
CVE-2014-7986
install/index.php in EspoCRM prior to 2.6.0 allows remote malicious users to re-install the application via a 1 value in the installProcess parameter.
Espocrm Espocrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »