Vulnerabilities > Daybydaycrm

DATE CVE VULNERABILITY TITLE RISK
2022-01-13 CVE-2022-22113 Insufficient Session Expiration vulnerability in Daybydaycrm Daybyday
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration.
network
low complexity
daybydaycrm CWE-613
8.8
2022-01-05 CVE-2022-22107 Missing Authorization vulnerability in Daybydaycrm Daybyday CRM 2.2.0
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization.
network
low complexity
daybydaycrm CWE-862
4.3
2022-01-05 CVE-2022-22108 Missing Authorization vulnerability in Daybydaycrm Daybyday CRM 2.2.0
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization.
network
low complexity
daybydaycrm CWE-862
4.3
2022-01-05 CVE-2022-22109 Cross-site Scripting vulnerability in Daybydaycrm Daybyday CRM 2.2.0
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks.
network
low complexity
daybydaycrm CWE-79
5.4
2022-01-05 CVE-2022-22110 Weak Password Requirements vulnerability in Daybydaycrm Daybyday CRM 2.2.0
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality.
network
low complexity
daybydaycrm CWE-521
7.5
2022-01-05 CVE-2022-22111 Missing Authorization vulnerability in Daybydaycrm Daybyday CRM 2.2.0
In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization.
network
low complexity
daybydaycrm CWE-862
8.8
2020-12-25 CVE-2020-35707 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.
network
low complexity
daybydaycrm CWE-79
5.4
2020-12-25 CVE-2020-35706 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.
network
low complexity
daybydaycrm CWE-79
5.4
2020-12-25 CVE-2020-35705 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen.
network
low complexity
daybydaycrm CWE-79
5.4
2020-12-25 CVE-2020-35704 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen.
network
low complexity
daybydaycrm CWE-79
5.4