Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
espocrm vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-7986
install/index.php in EspoCRM prior to 2.6.0 allows remote malicious users to re-install the application via a 1 value in the installProcess parameter.
Espocrm Espocrm
4.3
CVSSv2
CVE-2014-7987
Cross-site scripting (XSS) vulnerability in EspoCRM prior to 2.6.0 allows remote malicious users to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
Espocrm Espocrm
4.3
CVSSv2
CVE-2019-13643
Stored XSS in EspoCRM prior to 5.6.4 allows remote malicious users to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clic...
Espocrm Espocrm
3.5
CVSSv2
CVE-2019-14546
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email sig...
Espocrm Espocrm
3.5
CVSSv2
CVE-2019-14548
An issue exists in EspoCRM prior to 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScr...
Espocrm Espocrm
3.5
CVSSv2
CVE-2019-14550
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard butt...
Espocrm Espocrm
4.3
CVSSv2
CVE-2019-14329
An issue exists in EspoCRM prior to 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code.
Espocrm Espocrm
NA
CVE-2022-38843
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing malicious users to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.
Espocrm Espocrm 7.1.8
NA
CVE-2022-38844
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his...
Espocrm Espocrm 7.1.8
NA
CVE-2022-38845
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running...
Espocrm Espocrm 7.1.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »