Vulnerabilities > Salesagility

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | CVSS score |
|---|---|---|---|---|---|---|---|---|
| 2021-09-29 | CVE-2021-25961 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm | In the SuiteCRM application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links associated with a deleted user ID, which makes account takeover possible for any newly created user with the same user ID. | network | low | salesagility | CWE-640 | 8.0 |
| 2021-08-18 | CVE-2021-39267 | Cross-site Scripting vulnerability in Salesagility Suitecrm | Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type filter bypass to upload malicious files. | network | low | salesagility | CWE-79 | 6.1 |
| 2021-08-18 | CVE-2021-39268 | Cross-site Scripting vulnerability in Salesagility Suitecrm | Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. | network | low | salesagility | CWE-79 | 6.1 |
| 2021-04-30 | CVE-2021-31792 | Cross-site Scripting vulnerability in Salesagility Suitecrm | XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field. | network | low | salesagility | CWE-79 | 5.4 |
| 2020-11-18 | CVE-2020-15300 | Open Redirect vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.13 has an open redirect in the Documents module via a crafted SVG document. | network | low | salesagility | CWE-601 | 6.1 |
| 2020-11-18 | CVE-2020-14208 | Cross-site Scripting vulnerability in Salesagility Suitecrm | SuiteCRM 7.11.13 is affected by stored cross-site scripting (XSS) in the Documents preview functionality. | network | low | salesagility | CWE-79 | 5.4 |
| 2020-11-18 | CVE-2020-15301 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.13 allows CSV injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. | local | low | salesagility | CWE-1236 | 7.8 |
| 2020-11-06 | CVE-2020-28328 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm | SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. | network | low | salesagility | CWE-434 | 8.8 |
| 2020-03-20 | CVE-2019-18782 | Unspecified vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. | network | low | salesagility | not listed | 5.3 |
| 2020-03-16 | CVE-2020-8787 | Improper Input Validation vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow an invalid Bean ID to be submitted. | network | low | salesagility | CWE-20 | 7.5 |