Filtered by vendor Espocrm
Subscribe
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14331 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | |||||
| CVE-2019-14330 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | |||||
| CVE-2019-14329 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code. | |||||
| CVE-2019-13643 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page. | |||||
| CVE-2018-17302 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. | |||||
| CVE-2018-17301 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. | |||||