Yetiforce_customer_relationship_management - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Yetiforce_customer_relationship_management
(Yetiforce)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	18

Date	Id	Summary	Products	Score	Patch	Annotated
2022-05-05	CVE-2022-1411	Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.	Yetiforce_customer_relationship_management	6.1
2022-08-21	CVE-2022-2885	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.	Yetiforce_customer_relationship_management	4.8
2022-08-22	CVE-2022-1340	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.	Yetiforce_customer_relationship_management	5.4
2022-08-22	CVE-2022-2890	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.	Yetiforce_customer_relationship_management	5.4
2022-08-23	CVE-2022-2829	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.	Yetiforce_customer_relationship_management	5.4
2022-09-20	CVE-2022-2924	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.	Yetiforce_customer_relationship_management	5.4
2022-09-20	CVE-2022-3000	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.	Yetiforce_customer_relationship_management	5.4
2022-09-20	CVE-2022-3004	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.	Yetiforce_customer_relationship_management	5.4
2022-09-20	CVE-2022-3005	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.	Yetiforce_customer_relationship_management	5.4
2022-10-06	CVE-2022-3002	Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.	Yetiforce_customer_relationship_management	5.4