Vulnerabilities > Zurmo > Zurmo

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2019-14472 Cross-site Scripting vulnerability in Zurmo 3.2.72
Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO.
network
low complexity
zurmo CWE-79
6.1
6.1
2018-12-19 CVE-2018-19596 Cross-site Scripting vulnerability in Zurmo 3.2.4
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506.
network
low complexity
zurmo CWE-79
4.8
4.8
2018-12-19 CVE-2018-19506 Cross-site Scripting vulnerability in Zurmo 3.2.4
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI.
network
low complexity
zurmo CWE-79
4.8
4.8