Vulnerabilities > Vtiger > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-14 CVE-2024-48119 Cross-site Scripting vulnerability in Vtiger CRM 8.2.0
Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter.
network
low complexity
vtiger CWE-79
5.4
5.4
2024-08-29 CVE-2024-44776 Open Redirect vulnerability in Vtiger CRM 7.4.0
An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL.
network
low complexity
vtiger CWE-601
6.1
6.1
2022-09-27 CVE-2022-38335 Cross-site Scripting vulnerability in Vtiger CRM
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
network
low complexity
vtiger CWE-79
5.4
5.4
2021-01-20 CVE-2020-19363 Information Exposure vulnerability in Vtiger CRM 7.2.0
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.
network
vtiger CWE-200
4.3
4.3
2021-01-20 CVE-2020-19362 Cross-site Scripting vulnerability in Vtiger CRM 7.2.0
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
network
vtiger CWE-79
4.3
4.3
2020-02-07 CVE-2013-3591 Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM 5.3.0/5.4.0
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
network
low complexity
vtiger CWE-434
6.5
6.5
2020-02-06 CVE-2015-6000 Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
network
low complexity
vtiger CWE-434
6.5
6.5
2020-01-28 CVE-2013-3212 Injection vulnerability in Vtiger CRM
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
network
vtiger CWE-74
6.8
6.8
2019-11-21 CVE-2019-19202 Incorrect Default Permissions vulnerability in Vtiger CRM 7.0/7.0.1/7.1.0
In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request.
network
low complexity
vtiger CWE-276
6.5
6.5
2019-06-06 CVE-2018-8047 Cross-site Scripting vulnerability in Vtiger CRM
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions.
network
vtiger CWE-79
4.3
4.3