zurmo vulnerabilities and exploits
3.5
CVSSv2
CVE-2018-19596
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506.
Zurmo Zurmo 3.2.4
3.5
CVSSv2
CVE-2018-19506
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI.
Zurmo Zurmo 3.2.4
3.5
CVSSv2
CVE-2017-7188
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.
Zurmo Zurmo Crm
1 Github repository
3.5
CVSSv2
CVE-2015-5365
Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field.
Zurmo Zurmo Crm 3.0.2
3.5
CVSSv2
CVE-2017-15039
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
Zurmo Zurmo Crm 3.2.1.57987acc3018
4.3
CVSSv2
CVE-2019-14472
Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO.
Zurmo Zurmo 3.2.7-2
3.5
CVSSv2
CVE-2017-18004
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.
Zurmo Zurmo Crm 3.2.3
2 Github repositories
4.3
CVSSv2
CVE-2018-16654
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.
Zurmo Zurmo Crm 3.2.4
4.9
CVSSv2
CVE-2017-16569
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
Zurmo Zurmo Crm 3.2.1.57987acc3018