Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suitecrm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-14454
SuiteCRM 7.11.x and 7.10.x prior to 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
Salesagility Suitecrm
5.3
CVSSv3
CVE-2019-16922
SuiteCRM 7.10.x prior to 7.10.20 and 7.11.x prior to 7.11.8 allows unintended public exposure of files.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allo...
Salesagility Suitecrm
6.1
CVSSv3
CVE-2019-14752
SuiteCRM 7.10.x and 7.11.x prior to 7.10.20 and 7.11.8 has XSS.
Salesagility Suitecrm
9.1
CVSSv3
CVE-2023-5350
SQL Injection in GitHub repository salesagility/suitecrm before 7.14.1.
Salesagility Suitecrm
5.4
CVSSv3
CVE-2023-5351
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm before 7.14.1.
Salesagility Suitecrm
6.5
CVSSv3
CVE-2023-5353
Improper Access Control in GitHub repository salesagility/suitecrm before 7.14.1.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2020-28328
SuiteCRM prior to 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
Salesagility Suitecrm
1 Github repository
8
CVSSv3
CVE-2021-25961
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.
Salesagility Suitecrm
5.4
CVSSv3
CVE-2021-31792
XSS in the client account page in SuiteCRM prior to 7.11.19 allows an malicious user to inject JavaScript via the name field
Salesagility Suitecrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »