Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vtiger crm vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-19363
Vtiger CRM v7.2.0 allows an malicious user to display hidden files, list directories by using /libraries and /layout directories.
Vtiger Vtiger Crm 7.2.0
1 Github repository
4.3
CVSSv2
CVE-2018-8047
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated malicious users to inject arbitrary web script or HTML via index.php?module=Contacts&a...
Vtiger Vtiger Crm
4.3
CVSSv2
CVE-2013-7326
Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote malicious users to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) ...
Vtiger Vtiger Crm 5.4.0
4.3
CVSSv2
CVE-2011-4680
Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM prior to 5.2.0 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 3
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.2.1
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 4.0
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 5.0.2
4.3
CVSSv2
CVE-2011-4670
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) conta...
Vtiger Vtiger Crm
2 EDB exploits
4.3
CVSSv2
CVE-2010-3911
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM prior to 5.2.1 allow remote malicious users to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label...
Vtiger Vtiger Crm 2.1
Vtiger Vtiger Crm 1.0
Vtiger Vtiger Crm 4.0.1
Vtiger Vtiger Crm 5.0.0
Vtiger Vtiger Crm 4
Vtiger Vtiger Crm 5.1.0
Vtiger Vtiger Crm 2.0
Vtiger Vtiger Crm 3
Vtiger Vtiger Crm 5.0.3
Vtiger Vtiger Crm 5.0.4
Vtiger Vtiger Crm 4.2.4
Vtiger Vtiger Crm 3.2
Vtiger Vtiger Crm 3.0
Vtiger Vtiger Crm
Vtiger Vtiger Crm 5.0.2
Vtiger Vtiger Crm 2.0.1
Vtiger Vtiger Crm 4.2
Vtiger Vtiger Crm 4.0
4.3
CVSSv2
CVE-2009-3247
Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote malicious users to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3.
Vtiger Vtiger Crm 5.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2008-3101
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter i...
Vtiger Vtiger Crm 5.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a ...
Vtiger Vtiger Crm
2 EDB exploits
4.3
CVSSv2
CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via multiple vectors, including the account name.
Vtiger Vtiger Crm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »