Espocrm

Espocrm

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2019-14546

Exploit
  • EPSS 0.36%
  • Veröffentlicht 05.08.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:26:56

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malic...

8.8

CVE-2019-14351

Exploit
  • EPSS 0.58%
  • Veröffentlicht 28.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:26:34

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.

6.1

CVE-2019-14350

Exploit
  • EPSS 0.24%
  • Veröffentlicht 28.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:26:33

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation.

6.1

CVE-2019-14349

Exploit
  • EPSS 0.24%
  • Veröffentlicht 28.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:26:33

EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in it...

6.1

CVE-2019-14331

Exploit
  • EPSS 0.31%
  • Veröffentlicht 28.07.2019 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:26:31

An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code.

6.1

CVE-2019-14329

Exploit
  • EPSS 0.31%
  • Veröffentlicht 28.07.2019 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:26:31

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code.

6.1

CVE-2019-14330

Exploit
  • EPSS 0.31%
  • Veröffentlicht 28.07.2019 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:26:31

An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code.

6.1

CVE-2019-13643

Exploit
  • EPSS 0.25%
  • Veröffentlicht 18.07.2019 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:25:25

Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can the...

5.4

CVE-2018-17302

Exploit
  • EPSS 0.19%
  • Veröffentlicht 21.09.2018 07:29:01
  • Zuletzt bearbeitet 21.11.2024 03:54:12

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.

5.4

CVE-2018-17301

Exploit
  • EPSS 0.19%
  • Veröffentlicht 21.09.2018 07:29:01
  • Zuletzt bearbeitet 21.11.2024 03:54:12

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.