Vulnerabilities > Vtiger
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-27 | CVE-2022-38335 | Cross-site Scripting vulnerability in Vtiger CRM Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. | 5.4 |
| 2021-04-29 | CVE-2020-22807 | SQL Injection vulnerability in Vtiger CRM 7.2.0 An issue was dicovered in vtiger crm 7.2. | 7.5 |
| 2021-01-20 | CVE-2020-19363 | Information Exposure vulnerability in Vtiger CRM 7.2.0 Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. | 4.3 |
| 2021-01-20 | CVE-2020-19362 | Cross-site Scripting vulnerability in Vtiger CRM 7.2.0 Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. | 4.3 |
| 2020-02-07 | CVE-2013-3591 | Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM 5.3.0/5.4.0 vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability | 6.5 |
| 2020-02-06 | CVE-2015-6000 | Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. | 6.5 |
| 2020-01-29 | CVE-2013-3215 | Improper Authentication vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. | 7.5 |
| 2020-01-28 | CVE-2013-3214 | Injection vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | 7.5 |
| 2020-01-28 | CVE-2013-3212 | Injection vulnerability in Vtiger CRM vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | 6.8 |
| 2019-11-21 | CVE-2019-19202 | Incorrect Default Permissions vulnerability in Vtiger CRM 7.0/7.0.1/7.1.0 In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request. | 6.5 |