Vulnerabilities > Vtiger > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-44777 Cross-site Scripting vulnerability in Vtiger CRM 7.4.0
A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
network
low complexity
vtiger CWE-79
critical
 9.6
9.6
2024-08-29 CVE-2024-44778 Cross-site Scripting vulnerability in Vtiger CRM 7.4.0
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
network
low complexity
vtiger CWE-79
critical
 9.6
9.6
2024-08-29 CVE-2024-44779 Cross-site Scripting vulnerability in Vtiger CRM 7.4.0
A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
network
low complexity
vtiger CWE-79
critical
 9.6
9.6
2021-04-29 CVE-2020-22807 SQL Injection vulnerability in Vtiger CRM 7.2.0
An issue was dicovered in vtiger crm 7.2.
network
low complexity
vtiger CWE-89
critical
 9.8
9.8
2020-01-29 CVE-2013-3215 Improper Authentication vulnerability in Vtiger CRM
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
network
low complexity
vtiger CWE-287
critical
 9.8
9.8
2020-01-28 CVE-2013-3214 Injection vulnerability in Vtiger CRM
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
network
low complexity
vtiger CWE-74
critical
 9.8
9.8