Vulnerabilities (CVE)

Filtered by vendor Cremecrm Subscribe
Filtered by product Cremecrm
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-9283 1 Cremecrm 1 Cremecrm 2024-02-04 3.5 LOW 5.4 MEDIUM
An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page.
CVE-2018-14398 1 Cremecrm 1 Cremecrm 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials.
CVE-2018-14397 1 Cremecrm 1 Cremecrm 2024-02-04 3.5 LOW 5.4 MEDIUM
An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters.
CVE-2018-14396 1 Cremecrm 1 Cremecrm 2024-02-04 3.5 LOW 5.4 MEDIUM
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters.