Vulnerabilities > Daybydaycrm

DATE CVE VULNERABILITY TITLE RISK
2022-01-13 CVE-2022-22112 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI).
3.5
2022-01-13 CVE-2022-22113 Insufficient Session Expiration vulnerability in Daybydaycrm Daybyday
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration.
network
low complexity
daybydaycrm CWE-613
6.5
2022-01-05 CVE-2022-22107 Missing Authorization vulnerability in Daybydaycrm Daybyday CRM
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization.
network
low complexity
daybydaycrm CWE-862
4.0
2022-01-05 CVE-2022-22108 Missing Authorization vulnerability in Daybydaycrm Daybyday CRM
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization.
network
low complexity
daybydaycrm CWE-862
4.0
2022-01-05 CVE-2022-22109 Cross-site Scripting vulnerability in Daybydaycrm Daybyday CRM 2.2.0
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks.
3.5
2022-01-05 CVE-2022-22110 Weak Password Requirements vulnerability in Daybydaycrm Daybyday CRM
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality.
network
low complexity
daybydaycrm CWE-521
5.0
2022-01-05 CVE-2022-22111 Missing Authorization vulnerability in Daybydaycrm Daybyday CRM 2.2.0
In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization.
network
low complexity
daybydaycrm CWE-862
6.5
2020-12-25 CVE-2020-35707 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.
3.5
2020-12-25 CVE-2020-35706 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.
3.5
2020-12-25 CVE-2020-35705 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen.
3.5