Vulnerabilities > Vtiger > Vtiger CRM > 7.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-27 | CVE-2022-38335 | Cross-site Scripting vulnerability in Vtiger CRM Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. | 5.4 |
| 2019-11-21 | CVE-2019-19202 | Incorrect Default Permissions vulnerability in Vtiger CRM 7.0/7.0.1/7.1.0 In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request. | 6.5 |
| 2019-05-17 | CVE-2019-11057 | SQL Injection vulnerability in Vtiger CRM SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. | 8.8 |
| 2019-01-04 | CVE-2019-5009 | Unrestricted Upload of File with Dangerous Type vulnerability in Vtiger CRM Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. | 6.5 |