Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2024-36414
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2024-36415
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Salesagility Suitecrm
7.5
CVSSv3
CVE-2024-36416
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Salesagility Suitecrm
1 Github repository
9
CVSSv3
CVE-2024-36417
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this is...
Salesagility Suitecrm
6.1
CVSSv3
CVE-2019-14752
SuiteCRM 7.10.x and 7.11.x prior to 7.10.20 and 7.11.8 has XSS.
Salesagility Suitecrm
5.3
CVSSv3
CVE-2021-41595
SuiteCRM prior to 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.
Salesagility Suitecrm
5.3
CVSSv3
CVE-2021-41596
SuiteCRM prior to 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2021-41597
SuiteCRM up to and including 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2021-41869
SuiteCRM 7.10.x prior to 7.10.33 and 7.11.x prior to 7.11.22 is vulnerable to privilege escalation.
Salesagility Suitecrm
5.4
CVSSv3
CVE-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated malicious users to inject arbitrary web script or HTML.
Salesagility Suitecrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »