Vulnerabilities > Salesagility > Suitecrm > 7.11.4

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-14208 Cross-site Scripting vulnerability in Salesagility Suitecrm
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. 		3.5
3.5
2020-11-18 CVE-2020-15301 Improper Neutralization of Formula Elements in a CSV File vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. 		6.8
6.8
2020-11-06 CVE-2020-28328 Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting.
network
low complexity
salesagility CWE-434
critical
 9.0
9.0
2020-03-20 CVE-2019-18782 Unspecified vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.
network
low complexity
salesagility
5.0
5.0
2020-03-16 CVE-2020-8787 Improper Input Validation vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.
network
low complexity
salesagility CWE-20
5.0
5.0
2020-03-16 CVE-2020-8786 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).
network
low complexity
salesagility CWE-89
7.5
7.5
2020-03-16 CVE-2020-8785 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).
network
low complexity
salesagility CWE-89
7.5
7.5
2020-03-16 CVE-2020-8784 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).
network
low complexity
salesagility CWE-89
7.5
7.5
2020-03-16 CVE-2020-8783 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).
network
low complexity
salesagility CWE-89
7.5
7.5
2020-02-13 CVE-2020-8804 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
network
low complexity
salesagility CWE-89
4.0
4.0