Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
espocrm espocrm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8330
Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account.
Espocrm Espocrm -
6.1
CVSSv3
CVE-2019-13643
Stored XSS in EspoCRM prior to 5.6.4 allows remote malicious users to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clic...
Espocrm Espocrm
6.1
CVSSv3
CVE-2019-14331
An issue exists in EspoCRM prior to 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code.
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14546
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email sig...
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14547
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could injec...
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14549
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly...
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14550
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard butt...
Espocrm Espocrm
8.8
CVSSv3
CVE-2022-38843
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing malicious users to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.
Espocrm Espocrm 7.1.8
8
CVSSv3
CVE-2022-38844
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his...
Espocrm Espocrm 7.1.8
6.1
CVSSv3
CVE-2022-38845
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running...
Espocrm Espocrm 7.1.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »