Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-15301
SuiteCRM up to and including 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
Salesagility Suitecrm
8
CVSSv3
CVE-2021-25961
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allo...
Salesagility Suitecrm
6.5
CVSSv3
CVE-2020-8804
SuiteCRM up to and including 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2018-15606
An XSS issue exists in SalesAgility SuiteCRM 7.x prior to 7.8.21 and 7.10.x prior to 7.10.8, related to phishing an error message.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-12598
SuiteCRM 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5 allows SQL Injection (issue 1 of 3).
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-12600
SuiteCRM 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5 allows SQL Injection (issue 2 of 3).
Salesagility Suitecrm
5.3
CVSSv3
CVE-2019-18782
SuiteCRM 7.10.x before 7.10.21 and 7.11.x before 7.11.9 does not correctly implement the .htaccess protection mechanism.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-18784
SuiteCRM 7.10.x versions before 7.10.21 and 7.11.x versions before 7.11.9 allow SQL Injection.
Salesagility Suitecrm
8.1
CVSSv3
CVE-2015-5948
Race condition in SuiteCRM prior to 7.2.3 allows remote malicious users to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
Salesagility Suitecrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »