Webkul

Krayin CRM

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.21%
  • Published 07.05.2026 16:16:18
  • Last modified 07.05.2026 18:45:48

A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint.

  • EPSS 0.83%
  • Published 14.04.2026 00:00:00
  • Last modified 17.04.2026 15:33:34

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • EPSS 0.25%
  • Published 14.04.2026 00:00:00
  • Last modified 17.04.2026 15:33:34

A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

Exploit
  • EPSS 0.62%
  • Published 14.04.2026 00:00:00
  • Last modified 23.04.2026 16:53:45

A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP re...

Exploit
  • EPSS 0.35%
  • Published 14.04.2026 00:00:00
  • Last modified 23.04.2026 16:53:19

A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying...

Exploit
  • EPSS 0.35%
  • Published 14.04.2026 00:00:00
  • Last modified 23.04.2026 16:52:55

A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via suppl...

Exploit
  • EPSS 0.33%
  • Published 14.04.2025 13:31:04
  • Last modified 26.06.2025 19:21:05

A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation lead...

Exploit
  • EPSS 0.39%
  • Published 07.10.2024 16:15:05
  • Last modified 11.10.2024 13:21:12

Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.

  • EPSS 0.49%
  • Published 27.09.2024 17:15:13
  • Last modified 09.07.2025 17:57:50

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege esca...

  • EPSS 0.49%
  • Published 27.09.2024 17:15:13
  • Last modified 09.07.2025 17:41:49

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the paylo...