Vulnerabilities > Vtiger > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-29 | CVE-2024-44777 | Cross-site Scripting vulnerability in Vtiger CRM 7.4.0 A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | 9.6 |
| 2024-08-29 | CVE-2024-44778 | Cross-site Scripting vulnerability in Vtiger CRM 7.4.0 A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | 9.6 |
| 2024-08-29 | CVE-2024-44779 | Cross-site Scripting vulnerability in Vtiger CRM 7.4.0 A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | 9.6 |
| 2009-09-18 | CVE-2009-3258 | Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors. | 9.0 |
| 2009-09-18 | CVE-2009-3250 | Improper Input Validation vulnerability in Vtiger CRM 5.0.4 The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. | 9.0 |