Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vtiger_crm
(Vtiger)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 69 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-16 | CVE-2024-42995 | VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. | Vtiger_crm | N/A | ||
| 2021-01-20 | CVE-2020-19362 | Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. | Vtiger_crm | 6.1 | ||
| 2021-01-20 | CVE-2020-19363 | Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. | Vtiger_crm | 6.5 | ||
| 2021-04-29 | CVE-2020-22807 | An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. | Vtiger_crm | 9.8 | ||
| 2023-09-14 | CVE-2023-38891 | SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. | Vtiger_crm | 8.8 | ||
| 2024-10-14 | CVE-2024-48119 | Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML. | Vtiger_crm | 5.4 | ||
| 2024-08-29 | CVE-2024-44776 | An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL. | Vtiger_crm | 6.1 | ||
| 2024-08-29 | CVE-2024-44777 | A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | Vtiger_crm | 9.6 | ||
| 2024-08-29 | CVE-2024-44778 | A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | Vtiger_crm | 9.6 | ||
| 2024-08-29 | CVE-2024-44779 | A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | Vtiger_crm | 9.6 |