Vulnerabilities > Salesagility

DATE CVE VULNERABILITY TITLE RISK
2021-10-04 CVE-2021-41595 Path Traversal vulnerability in Salesagility Suitecrm
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal.
network
low complexity
salesagility CWE-22
5.0
2021-10-04 CVE-2021-41596 Path Traversal vulnerability in Salesagility Suitecrm
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal.
network
low complexity
salesagility CWE-22
5.0
2021-10-04 CVE-2021-41869 Improper Privilege Management vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.
network
low complexity
salesagility CWE-269
6.5
2021-09-29 CVE-2021-25960 Improper Neutralization of Formula Elements in a CSV File vulnerability in Salesagility Suitecrm
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection).
6.0
2021-09-29 CVE-2021-25961 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.
6.0
2021-08-18 CVE-2021-39267 Cross-site Scripting vulnerability in Salesagility Suitecrm
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files.
4.3
2021-08-18 CVE-2021-39268 Cross-site Scripting vulnerability in Salesagility Suitecrm
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files.
4.3
2021-04-30 CVE-2021-31792 Cross-site Scripting vulnerability in Salesagility Suitecrm
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field
3.5
2020-11-18 CVE-2020-15300 Open Redirect vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
5.8
2020-11-18 CVE-2020-14208 Cross-site Scripting vulnerability in Salesagility Suitecrm
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality.
3.5