Vulnerabilities > Zurmo > Zurmo CRM > 3.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-14 | CVE-2017-7188 | Cross-site Scripting vulnerability in Zurmo CRM Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. | 3.5 |
| 2015-07-02 | CVE-2015-5365 | Cross-site Scripting vulnerability in Zurmo CRM 3.0.2 Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field. | 3.5 |