Vulnerabilities > Espocrm
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-31 | CVE-2014-7986 | Permissions, Privileges, and Access Controls vulnerability in Espocrm install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. | 5.0 |
2014-10-31 | CVE-2014-7985 | Path Traversal vulnerability in Espocrm Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2014-10-20 | CVE-2014-8330 | Cross-Site Scripting vulnerability in Espocrm Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account. | 3.5 |