Vulnerabilities > Daybydaycrm > Daybyday

DATE CVE VULNERABILITY TITLE RISK
2022-01-13 CVE-2022-22112 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). 		3.5
3.5
2022-01-13 CVE-2022-22113 Insufficient Session Expiration vulnerability in Daybydaycrm Daybyday
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration.
network
low complexity
daybydaycrm CWE-613
6.5
6.5
2020-12-25 CVE-2020-35707 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen. 		3.5
3.5
2020-12-25 CVE-2020-35706 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen. 		3.5
3.5
2020-12-25 CVE-2020-35705 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen. 		3.5
3.5
2020-12-25 CVE-2020-35704 Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. 		3.5
3.5