Vulnerabilities > Daybydaycrm > Daybyday
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-13 | CVE-2022-22112 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0 In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). | 3.5 |
2022-01-13 | CVE-2022-22113 | Insufficient Session Expiration vulnerability in Daybydaycrm Daybyday In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. | 6.5 |
2020-12-25 | CVE-2020-35707 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0 Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen. | 3.5 |
2020-12-25 | CVE-2020-35706 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0 Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen. | 3.5 |
2020-12-25 | CVE-2020-35705 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0 Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen. | 3.5 |
2020-12-25 | CVE-2020-35704 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0 Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. | 3.5 |