Vulnerabilities > Vtiger > Vtiger CRM > 7.2.0

DATE CVE VULNERABILITY TITLE RISK
2022-09-27 CVE-2022-38335 Cross-site Scripting vulnerability in Vtiger CRM
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
network
low complexity
vtiger CWE-79
5.4
5.4
2021-04-29 CVE-2020-22807 SQL Injection vulnerability in Vtiger CRM 7.2.0
An issue was dicovered in vtiger crm 7.2.
network
low complexity
vtiger CWE-89
critical
 9.8
9.8
2021-01-20 CVE-2020-19363 Information Exposure vulnerability in Vtiger CRM 7.2.0
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.
network
low complexity
vtiger CWE-200
6.5
6.5
2021-01-20 CVE-2020-19362 Cross-site Scripting vulnerability in Vtiger CRM 7.2.0
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
network
low complexity
vtiger CWE-79
6.1
6.1