Vulmon
zurmo vulnerabilities and exploits
4.8
CVSSv3
CVE-2018-19506
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI.
Zurmo Zurmo 3.2.4
4.8
CVSSv3
CVE-2018-19596
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506.
Zurmo Zurmo 3.2.4
5.4
CVSSv3
CVE-2017-7188
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.
Zurmo Zurmo Crm
1 Github repository
4.8
CVSSv3
CVE-2017-16569
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
Zurmo Zurmo Crm 3.2.1.57987acc3018
4.8
CVSSv3
CVE-2017-15039
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
Zurmo Zurmo Crm 3.2.1.57987acc3018
NA
CVE-2015-5365
Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field.
Zurmo Zurmo Crm 3.0.2
6.1
CVSSv3
CVE-2019-14472
Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO.
Zurmo Zurmo 3.2.7-2
6.1
CVSSv3
CVE-2018-16654
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.
Zurmo Zurmo Crm 3.2.4
5.4
CVSSv3
CVE-2017-18004
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.
Zurmo Zurmo Crm 3.2.3
2 Github repositories