Vulnerabilities > Vtiger > Vtiger CRM > 6.5.0

DATE | CVE | VULNERABILITY TITLE | RISK

2022-09-27 | CVE-2022-38335 | Cross-site Scripting vulnerability in Vtiger CRM
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
Risk: network, low complexity, vtiger, CWE-79, 5.4

2019-06-06 | CVE-2018-8047 | Cross-site Scripting vulnerability in Vtiger CRM
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions.
Risk: network, vtiger, CWE-79, 4.3

2019-05-24 | CVE-2016-10754 | SQL Injection vulnerability in Vtiger CRM 6.5.0
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter.
Risk: network, low complexity, vtiger, CWE-89, 6.5

2019-05-17 | CVE-2019-11057 | SQL Injection vulnerability in Vtiger CRM
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
Risk: network, low complexity, vtiger, CWE-89, 8.8

2019-01-04 | CVE-2019-5009 | Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40.
Risk: network, low complexity, vtiger, CWE-434, 6.5