Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility suitecrm vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated malicious users to inject arbitrary web script or HTML.
Salesagility Suitecrm
4.3
CVSSv2
CVE-2019-14752
SuiteCRM 7.10.x and 7.11.x prior to 7.10.20 and 7.11.8 has XSS.
Salesagility Suitecrm
9.3
CVSSv2
CVE-2015-5948
Race condition in SuiteCRM prior to 7.2.3 allows remote malicious users to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8786
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 4 of 4).
Salesagility Suitecrm
5
CVSSv2
CVE-2020-8787
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow for an invalid Bean ID to be submitted.
Salesagility Suitecrm
6.5
CVSSv2
CVE-2020-8800
SuiteCRM up to and including 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
Salesagility Suitecrm
6.5
CVSSv2
CVE-2020-8801
SuiteCRM up to and including 7.11.11 allows PHAR Deserialization.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8802
SuiteCRM up to and including 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8803
SuiteCRM up to and including 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
Salesagility Suitecrm
NA
CVE-2023-6388
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.
Salesagility Suitecrm 7.14.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »