Vulmon
espocrm espocrm vulnerabilities and exploits
NA
CVE-2014-7987
Cross-site scripting (XSS) vulnerability in EspoCRM prior to 2.6.0 allows remote malicious users to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14546
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email sig...
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14547
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed when an attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could injec...
Espocrm Espocrm
5.4
CVSSv3
CVE-2019-14548
An issue exists in EspoCRM prior to 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScr...
Espocrm Espocrm
6.1
CVSSv3
CVE-2019-14329
An issue exists in EspoCRM prior to 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code.
Espocrm Espocrm
6.1
CVSSv3
CVE-2019-14331
An issue exists in EspoCRM prior to 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code.
Espocrm Espocrm
NA
CVE-2014-8330
Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account.
Espocrm Espocrm -
5.4
CVSSv3
CVE-2018-17302
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
Espocrm Espocrm 5.3.6
5.4
CVSSv3
CVE-2018-17301
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.
Espocrm Espocrm 5.3.6
8.8
CVSSv3
CVE-2019-14351
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.
Espocrm Espocrm 5.6.4