Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
espocrm espocrm vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-14550
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard butt...
Espocrm Espocrm
NA
CVE-2023-46736
EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to `the /Attachment/fromImageUrl` endpoint can specify URL to point t...
Espocrm Espocrm
383
VMScore
CVE-2019-14330
An issue exists in EspoCRM prior to 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code.
Espocrm Espocrm
312
VMScore
CVE-2021-3539
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
Espocrm Espocrm
383
VMScore
CVE-2019-13643
Stored XSS in EspoCRM prior to 5.6.4 allows remote malicious users to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clic...
Espocrm Espocrm
NA
CVE-2023-5965
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.
Espocrm Espocrm
1 Github repository
NA
CVE-2023-5966
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.
Espocrm Espocrm
1 Github repository
312
VMScore
CVE-2019-14549
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly...
Espocrm Espocrm
890
VMScore
CVE-2014-7985
Directory traversal vulnerability in EspoCRM prior to 2.6.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Espocrm Espocrm
445
VMScore
CVE-2014-7986
install/index.php in EspoCRM prior to 2.6.0 allows remote malicious users to re-install the application via a 1 value in the installProcess parameter.
Espocrm Espocrm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »