Salesagility

Suite CRM

105 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.18%
  • Published 27.10.2025 13:15:45
  • Last modified 28.10.2025 13:05:44

Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. Th...

  • EPSS 0.22%
  • Published 07.08.2025 21:15:39
  • Last modified 12.08.2025 20:54:29

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it ...

  • EPSS 0.2%
  • Published 07.08.2025 00:07:07
  • Last modified 12.08.2025 20:55:36

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a pre...

  • EPSS 0.2%
  • Published 07.08.2025 00:05:11
  • Last modified 12.08.2025 20:56:37

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript...

  • EPSS 0.38%
  • Published 06.08.2025 23:48:55
  • Last modified 14.08.2025 20:12:35

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This...

  • EPSS 0.27%
  • Published 06.08.2025 23:23:00
  • Last modified 14.08.2025 20:14:38

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthentic...

  • EPSS 0.35%
  • Published 06.08.2025 23:15:16
  • Last modified 13.08.2025 18:12:57

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead ...

Exploit
  • EPSS 1.12%
  • Published 07.01.2025 20:15:28
  • Last modified 15.04.2025 18:38:13

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.

Exploit
  • EPSS 0.54%
  • Published 07.01.2025 20:15:28
  • Last modified 15.04.2025 18:33:57

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database.

  • EPSS 0.3%
  • Published 05.11.2024 19:15:07
  • Last modified 08.11.2024 15:09:07

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The "Publish Key" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject ma...