Vulnerabilities > Small CRM Project > Small CRM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-20 | CVE-2023-45394 | Cross-site Scripting vulnerability in Small CRM Project Small CRM 3.0 Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover. | 5.4 |
| 2023-10-04 | CVE-2023-44075 | Cross-site Scripting vulnerability in Small CRM Project Small CRM 3.0 Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. | 5.4 |
| 2023-09-27 | CVE-2023-43331 | Cross-site Scripting vulnerability in Small CRM Project Small CRM 3.0 A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 5.4 |
| 2023-06-28 | CVE-2023-34650 | Cross-site Scripting vulnerability in Small CRM Project Small CRM 1.0 PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
| 2023-01-26 | CVE-2022-47073 | Cross-site Scripting vulnerability in Small CRM Project Small CRM 3.0 A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. | 5.4 |