Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vtiger_crm
(Vtiger)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 69 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-05-21 | CVE-2025-45755 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution. | Vtiger_crm | N/A | ||
| 2025-05-21 | CVE-2025-45753 | A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. | Vtiger_crm | N/A | ||
| 2022-09-27 | CVE-2022-38335 | Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. | Vtiger_crm | 5.4 | ||
| 2024-08-16 | CVE-2024-42994 | VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. | Vtiger_crm | N/A |