Vulnerabilities > Daybydaycrm > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-05 | CVE-2022-22107 | Missing Authorization vulnerability in Daybydaycrm Daybyday CRM 2.2.0 In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. | 4.3 |
| 2022-01-05 | CVE-2022-22108 | Missing Authorization vulnerability in Daybydaycrm Daybyday CRM 2.2.0 In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. | 4.3 |
| 2022-01-05 | CVE-2022-22109 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday CRM 2.2.0 In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. | 5.4 |
| 2020-12-25 | CVE-2020-35707 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0 Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen. | 5.4 |
| 2020-12-25 | CVE-2020-35706 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0 Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen. | 5.4 |
| 2020-12-25 | CVE-2020-35705 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0 Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen. | 5.4 |
| 2020-12-25 | CVE-2020-35704 | Cross-site Scripting vulnerability in Daybydaycrm Daybyday 2.1.0 Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. | 5.4 |