Note: This project will be discontinued after December 13, 2021.
Product: Daybyday (Daybydaycrm)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 6 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-12-25 | CVE-2020-35704 | Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. | Daybyday | 5.4 | ||
2020-12-25 | CVE-2020-35705 | Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen. | Daybyday | 5.4 | ||
2020-12-25 | CVE-2020-35706 | Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen. | Daybyday | 5.4 | ||
2020-12-25 | CVE-2020-35707 | Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen. | Daybyday | 5.4 | ||
2022-01-13 | CVE-2022-22112 | In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser. | Daybyday | N/A | ||
2022-01-13 | CVE-2022-22113 | In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed. | Daybyday | 8.8 | ||