Vulnerabilities > Salesagility > Suitecrm > 7.10.28

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-15300 Open Redirect vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
network
low complexity
salesagility CWE-601
6.1
6.1
2020-11-18 CVE-2020-14208 Cross-site Scripting vulnerability in Salesagility Suitecrm
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality.
network
low complexity
salesagility CWE-79
5.4
5.4
2020-11-18 CVE-2020-15301 Improper Neutralization of Formula Elements in a CSV File vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules.
local
low complexity
salesagility CWE-1236
7.8
7.8
2020-11-06 CVE-2020-28328 Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting.
network
low complexity
salesagility CWE-434
8.8
8.8
2020-02-13 CVE-2020-8804 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
network
low complexity
salesagility CWE-89
6.5
6.5
2020-02-13 CVE-2020-8803 Path Traversal vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
network
low complexity
salesagility CWE-22
critical
 9.8
9.8
2020-02-13 CVE-2020-8802 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
network
low complexity
salesagility CWE-89
critical
 9.8
9.8
2020-02-13 CVE-2020-8801 Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 allows PHAR Deserialization.
network
low complexity
salesagility CWE-502
7.2
7.2
2020-02-13 CVE-2020-8800 Injection vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
network
low complexity
salesagility CWE-74
8.8
8.8