Vulnerabilities > Espocrm > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-31 | CVE-2014-7987 | Cross-Site Scripting vulnerability in Espocrm Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php. | 4.3 |
| 2014-10-31 | CVE-2014-7986 | Permissions, Privileges, and Access Controls vulnerability in Espocrm install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. | 5.0 |