Vulnerabilities > Espocrm
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-05 | CVE-2023-46736 | Server-Side Request Forgery (SSRF) vulnerability in Espocrm: EspoCRM is an Open Source CRM (Customer Relationship Management) software. | 6.5 |
2023-11-30 | CVE-2023-5965 | Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm: An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. | 7.2 |
2023-11-30 | CVE-2023-5966 | Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm: An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. | 7.2 |
2022-09-16 | CVE-2022-38843 | Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm 7.1.8: EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. | 8.8 |
2022-09-16 | CVE-2022-38844 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Espocrm 7.1.8: CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. | 8.0 |
2022-09-16 | CVE-2022-38845 | Cross-site Scripting vulnerability in Espocrm 7.1.8: Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted csv file containing malicious JavaScript to authenticated user. | 6.1 |
2022-09-16 | CVE-2022-38846 | Cleartext Transmission of Sensitive Information vulnerability in Espocrm 7.1.8: EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). | 5.9 |
2021-08-04 | CVE-2021-3539 | Cross-site Scripting vulnerability in Espocrm: EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. | 5.4 |
2019-08-05 | CVE-2019-14550 | Cross-site Scripting vulnerability in Espocrm: An issue was discovered in EspoCRM before 5.6.9. | 5.4 |
2019-08-05 | CVE-2019-14549 | Cross-site Scripting vulnerability in Espocrm: An issue was discovered in EspoCRM before 5.6.9. | 5.4 |