Vulnerabilities > Espocrm

DATE CVE VULNERABILITY TITLE RISK
2021-08-04 CVE-2021-3539 Cross-site Scripting vulnerability in Espocrm
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images.
network
espocrm CWE-79
3.5
2019-08-05 CVE-2019-14550 Cross-site Scripting vulnerability in Espocrm
An issue was discovered in EspoCRM before 5.6.9.
network
espocrm CWE-79
3.5
2019-08-05 CVE-2019-14549 Cross-site Scripting vulnerability in Espocrm
An issue was discovered in EspoCRM before 5.6.9.
network
espocrm CWE-79
3.5
2019-08-05 CVE-2019-14548 Cross-site Scripting vulnerability in Espocrm
An issue was discovered in EspoCRM before 5.6.9.
network
espocrm CWE-79
3.5
2019-08-05 CVE-2019-14547 Cross-site Scripting vulnerability in Espocrm
An issue was discovered in EspoCRM before 5.6.9.
network
espocrm CWE-79
3.5
2019-08-05 CVE-2019-14546 Cross-site Scripting vulnerability in Espocrm
An issue was discovered in EspoCRM before 5.6.9.
network
espocrm CWE-79
3.5
2019-07-28 CVE-2019-14351 Improper Restriction of Excessive Authentication Attempts vulnerability in Espocrm 5.6.4
EspoCRM 5.6.4 is vulnerable to user password hash enumeration.
network
low complexity
espocrm CWE-307
4.0
2019-07-28 CVE-2019-14350 Cross-site Scripting vulnerability in Espocrm 5.6.4
EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base.
network
espocrm CWE-79
4.3
2019-07-28 CVE-2019-14349 Cross-site Scripting vulnerability in Espocrm 5.6.4
EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab.
network
espocrm CWE-79
4.3
2019-07-28 CVE-2019-14331 Cross-site Scripting vulnerability in Espocrm
An issue was discovered in EspoCRM before 5.6.6.
network
espocrm CWE-79
4.3