Vulnerabilities > Espocrm

Each entry lists the publication date, CVE id and title, then the description, followed by the attack vector, attack complexity, vendor, CWE and CVSS base score.
2023-12-05  CVE-2023-46736  Server-Side Request Forgery (SSRF) vulnerability in Espocrm
  EspoCRM is an Open Source CRM (Customer Relationship Management) software.
  Attack vector: network | Attack complexity: low | Vendor: espocrm | CWE-918 | CVSS: 6.5
2023-11-30  CVE-2023-5965  Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm
  An authenticated privileged attacker could upload a specially crafted zip archive to an EspoCRM 7.2.5 server via the update form, which could lead to arbitrary PHP code execution.
  Attack vector: network | Attack complexity: low | Vendor: espocrm | CWE-434 | CVSS: 7.2
2023-11-30  CVE-2023-5966  Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm
  An authenticated privileged attacker could upload a specially crafted zip archive to an EspoCRM 7.2.5 server via the extension deployment form, which could lead to arbitrary PHP code execution.
  Attack vector: network | Attack complexity: low | Vendor: espocrm | CWE-434 | CVSS: 7.2
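Both zip-upload entries above (CVE-2023-5965 via the update form, CVE-2023-5966 via the extension deployment form) come down to unpacking attacker-supplied archive contents under a PHP web root. What follows is an added example, not EspoCRM's own update or extension code and not its fix: an audit that inspects every archive entry before anything is extracted and rejects PHP-executable extensions (including inner ones such as shell.php.txt), blocked basenames, absolute paths and path traversal, symbolic links, and archives whose uncompressed size exceeds a cap. The extension list, basename list and size cap are assumptions chosen for the example, and the sample archive is constructed in memory.

```python
"""Pre-extraction audit of an uploaded zip archive (added example, not
EspoCRM's own code). Every entry is inspected before a byte is written to
disk; the sample archive below is constructed in memory."""
import io
import posixpath
import zipfile

# Assumed policy for this example: file types the web server would execute
# if unpacked under the document root, plus server config files.
EXECUTABLE_EXTENSIONS = {".php", ".phtml", ".phar", ".php3", ".php4",
                         ".php5", ".php7", ".phps", ".pht"}
BLOCKED_BASENAMES = {".htaccess", ".user.ini"}
MAX_TOTAL_BYTES = 50 * 1024 * 1024  # uncompressed size cap (assumed)


def entry_problems(info: zipfile.ZipInfo) -> list[str]:
    """Return the reasons a single archive entry must be rejected (empty if clean)."""
    name = info.filename
    problems = []
    if "\\" in name:
        problems.append("backslash in entry name")
    norm = posixpath.normpath(name)
    if name.startswith("/") or ".." in norm.split("/"):
        problems.append("absolute path or path traversal")
    # The high 16 bits of external_attr carry the Unix mode; 0o120000 is a symlink.
    if ((info.external_attr >> 16) & 0o170000) == 0o120000:
        problems.append("symbolic link")
    base = posixpath.basename(norm).lower()
    if base in BLOCKED_BASENAMES:
        problems.append(f"blocked file name {base}")
    # Check every dotted suffix so notes.php.txt is caught, not only the last one.
    suffixes = {"." + p for p in base.split(".")[1:]}
    hits = suffixes & EXECUTABLE_EXTENSIONS
    if hits:
        problems.append("executable extension " + ", ".join(sorted(hits)))
    return problems


def audit_zip(data: bytes) -> dict[str, list[str]]:
    """Map each rejected entry name to its problems; '*' carries archive-wide issues."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        total = 0
        for info in zf.infolist():
            total += info.file_size
            probs = entry_problems(info)
            if probs:
                findings[info.filename] = probs
        if total > MAX_TOTAL_BYTES:
            findings["*"] = [f"uncompressed size {total} exceeds cap"]
    return findings


def build_sample_zip() -> bytes:
    """Constructed test archive mixing benign entries with ones that must be rejected."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", '{"name": "demo"}')
        zf.writestr("files/readme.txt", "plain text")
        zf.writestr("files/public/shell.php", "<?php echo 1; ?>")     # direct PHP drop
        zf.writestr("../../public/backdoor.php", "<?php echo 2; ?>")  # traversal out of the unpack dir
        zf.writestr("files/notes.php.txt", "double extension")        # relies on lax handler matching
        link = zipfile.ZipInfo("files/link")
        link.external_attr = 0o120777 << 16                           # symlink mode bits
        zf.writestr(link, "../../../etc/passwd")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reasons in audit_zip(build_sample_zip()).items():
        print(f"REJECT {entry}: {'; '.join(reasons)}")
```

Run the audit on the uploaded bytes before any extractall() call and log the rejection reasons against the account that attempted the upload. Since both CVEs require a privileged account, the check is defence in depth against a compromised administrator credential, not a substitute for authorization on the upload endpoints.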
2022-09-16  CVE-2022-38843  Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm 7.1.8
  EspoCRM version 7.1.8 is vulnerable to unrestricted file upload, allowing attackers to upload a malicious file with any extension to the server.
  Attack vector: network | Attack complexity: low | Vendor: espocrm | CWE-434 | CVSS: 8.8
2022-09-16  CVE-2022-38844  Improper Neutralization of Formula Elements in a CSV File vulnerability in Espocrm 7.1.8
  CSV injection in the Create Contacts feature of EspoCRM 7.1.8 allows remote authenticated users to store formula payloads in contact fields; the payloads can execute system commands when the exported CSV file is opened in a spreadsheet application.
  Attack vector: network | Attack complexity: low | Vendor: espocrm | CWE-1236 | CVSS: 8.0
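CWE-1236 is a defect of the generated file rather than of the stored record: the contact fields are saved verbatim, and a spreadsheet application treats a cell that begins with =, +, -, @, tab or carriage return as a formula when the CSV is opened. The following is an added example, not EspoCRM's own export code: a scanner that flags formula-looking cells (usable at import time) and an export writer that prefixes such cells with a single quote and quotes every field. The contact rows, including the widely published DDE-style payload shape, are constructed; note that the prefix also lands on legitimate values such as phone numbers starting with +, which is the usual trade-off of this mitigation.

```python
"""Formula-element neutralization for CSV export, plus a scanner for CSV
import (added example, not EspoCRM's own code). Sample rows are constructed."""
import csv
import io

# A cell beginning with one of these is parsed as a formula by common
# spreadsheet applications when the CSV is opened.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value) -> bool:
    text = "" if value is None else str(value)
    return text.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Prefix a formula-looking cell with a single quote so the spreadsheet
    keeps it as text. Double quotes inside the value are doubled by csv.writer
    below, so a payload cannot break out of the quoted field either."""
    text = "" if value is None else str(value)
    return "'" + text if is_formula_like(text) else text


def scan_rows(rows) -> list[tuple[int, int, str]]:
    """Flag (row, column, value) for every formula-looking cell, e.g. on import."""
    return [(r, c, str(v)) for r, row in enumerate(rows)
            for c, v in enumerate(row) if is_formula_like(v)]


def export_csv(header, rows, neutralize=True) -> str:
    """Write rows as CSV; neutralize=False reproduces the vulnerable behaviour."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(v) if neutralize else v for v in row])
    return buf.getvalue()


HEADER = ["first_name", "last_name", "phone"]
# Constructed contact rows: a benign row whose phone number starts with '+',
# a name field carrying the well-known DDE-style payload shape, and a phone
# field that is just '-' (a legitimate value that also triggers the prefix).
SAMPLE_ROWS = [
    ["Ada", "Lovelace", "+1 555 0100"],
    ["=cmd|' /C calc'!A0", "Smith", "555 0101"],
    ["Grace", "Hopper", "-"],
]

if __name__ == "__main__":
    for r, c, v in scan_rows(SAMPLE_ROWS):
        print(f"row {r} col {c}: formula-like value {v!r}")
    print(export_csv(HEADER, SAMPLE_ROWS))
```

Neutralizing on export protects whoever opens the file; flagging on import gives the operator a signal without rejecting legitimate data such as negative numbers. Keep the original value in the database and apply the prefix only to the generated file, since the quote is visible in some viewers.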
2022-09-16  CVE-2022-38845  Cross-site Scripting vulnerability in Espocrm 7.1.8
  Cross-site scripting in the Import feature of EspoCRM 7.1.8 allows remote users to run malicious JavaScript in the victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user.
  Attack vector: network | Attack complexity: low | Vendor: espocrm | CWE-79 | CVSS: 6.1
2022-09-16  CVE-2022-38846  Cleartext Transmission of Sensitive Information vulnerability in Espocrm 7.1.8
  EspoCRM version 7.1.8 sets cookies without the Secure flag, so the browser will also send them in plain text over an insecure channel (HTTP).
  Attack vector: network | Attack complexity: high | Vendor: espocrm | CWE-319 | CVSS: 5.9
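The Secure attribute is what stops a browser from attaching a cookie to plain-HTTP requests; without it, a session cookie issued over HTTPS is replayed in clear text as soon as any http:// link to the same host is followed, which is the CWE-319 condition described above. The following is an added example, not EspoCRM's own code: a parser and audit for Set-Cookie headers that reports missing Secure, HttpOnly and SameSite attributes and the __Host-/__Secure- prefix rules, plus a rewrite that adds the missing attributes. The sample headers and the cookie name session are constructed and are not EspoCRM's actual cookie.

```python
"""Audit Set-Cookie headers for the attributes that keep a session cookie
off plaintext HTTP (added example, not EspoCRM's own code). The sample
headers are constructed."""

# Canonical spelling used when a header is rewritten.
ATTR_CASE = {"path": "Path", "domain": "Domain", "expires": "Expires",
             "max-age": "Max-Age", "samesite": "SameSite",
             "secure": "Secure", "httponly": "HttpOnly"}


def parse_set_cookie(header: str) -> dict:
    """Split 'name=value; Attr; Attr=val' into name, value and a lower-cased attribute map."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, has_eq, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_eq else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_set_cookie(header: str) -> list[str]:
    """Return the findings for one header; an empty list means it passes."""
    cookie = parse_set_cookie(header)
    attrs, name = cookie["attrs"], cookie["name"]
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie will be sent over plaintext HTTP (CWE-319)")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by script, so any XSS can steal it")
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append("missing SameSite: browser defaults vary, set Lax or Strict")
    elif str(samesite).lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: modern browsers drop the cookie")
    if name.startswith("__Host-") and (
            "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs):
        findings.append("__Host- prefix requires Secure, Path=/ and no Domain")
    if name.startswith("__Secure-") and "secure" not in attrs:
        findings.append("__Secure- prefix requires Secure")
    return findings


def harden(header: str) -> str:
    """Rewrite the header with Secure and HttpOnly set and SameSite defaulted to Lax."""
    cookie = parse_set_cookie(header)
    attrs = dict(cookie["attrs"])
    attrs.setdefault("samesite", "Lax")  # assumed policy; an existing value is kept
    attrs["secure"] = True
    attrs["httponly"] = True
    parts = [f"{cookie['name']}={cookie['value']}"]
    for key, val in attrs.items():
        label = ATTR_CASE.get(key, key)
        parts.append(label if val is True else f"{label}={val}")
    return "; ".join(parts)


# Constructed headers: the shape the CVE describes, a hardened one, and a
# __Host- cookie that promises Secure but does not set it.
SAMPLE_HEADERS = [
    "session=2f9c1a; Path=/",
    "session=2f9c1a; Path=/; Secure; HttpOnly; SameSite=Lax",
    "__Host-session=abc; Path=/; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for hdr in SAMPLE_HEADERS:
        print(hdr)
        for finding in audit_set_cookie(hdr) or ["ok"]:
            print("  -", finding)
        print("  hardened:", harden(hdr))
```

Feed it real headers with `curl -si https://host/ | grep -i '^set-cookie'`. Fixing the header is half of the remediation; the other half is serving the application only over HTTPS with an HSTS header, so the http:// request never leaves the browser in the first place.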
2021-08-04  CVE-2021-3539  Cross-site Scripting vulnerability in Espocrm
  EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images.
  Attack vector: network | Attack complexity: low | Vendor: espocrm | CWE-79 | CVSS: 5.4
2019-08-05  CVE-2019-14550  Cross-site Scripting vulnerability in Espocrm
  An issue was discovered in EspoCRM before 5.6.9.
  Attack vector: network | Attack complexity: low | Vendor: espocrm | CWE-79 | CVSS: 5.4
2019-08-05  CVE-2019-14549  Cross-site Scripting vulnerability in Espocrm
  An issue was discovered in EspoCRM before 5.6.9.
  Attack vector: network | Attack complexity: low | Vendor: espocrm | CWE-79 | CVSS: 5.4