Vulnerabilities > Espocrm > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-46736 | Unspecified vulnerability in Espocrm EspoCRM is an Open Source CRM (Customer Relationship Management) software. | 6.5 |
| 2022-09-16 | CVE-2022-38845 | Cross-site Scripting vulnerability in Espocrm 7.1.8 Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. | 6.1 |
| 2022-09-16 | CVE-2022-38846 | Cleartext Transmission of Sensitive Information vulnerability in Espocrm 7.1.8 EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). | 5.9 |
| 2021-08-04 | CVE-2021-3539 | Cross-site Scripting vulnerability in Espocrm EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. | 5.4 |
| 2019-08-05 | CVE-2019-14550 | Cross-site Scripting vulnerability in Espocrm An issue was discovered in EspoCRM before 5.6.9. | 5.4 |
| 2019-08-05 | CVE-2019-14549 | Cross-site Scripting vulnerability in Espocrm An issue was discovered in EspoCRM before 5.6.9. | 5.4 |
| 2019-08-05 | CVE-2019-14548 | Cross-site Scripting vulnerability in Espocrm An issue was discovered in EspoCRM before 5.6.9. | 5.4 |
| 2019-08-05 | CVE-2019-14547 | Cross-site Scripting vulnerability in Espocrm An issue was discovered in EspoCRM before 5.6.9. | 5.4 |
| 2019-08-05 | CVE-2019-14546 | Cross-site Scripting vulnerability in Espocrm An issue was discovered in EspoCRM before 5.6.9. | 5.4 |
| 2019-07-28 | CVE-2019-14350 | Cross-site Scripting vulnerability in Espocrm 5.6.4 EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. | 6.1 |