Filtered by vendor Yetiforce
Subscribe
Filtered by product Yetiforce Customer Relationship Management
Subscribe
Total
13 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2885 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-2890 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-2829 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-3002 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-1340 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-1411 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover. | |||||
CVE-2021-4116 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2022-0269 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | 6.0 MEDIUM | 8.0 HIGH |
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0. | |||||
CVE-2021-4111 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
yetiforcecrm is vulnerable to Business Logic Errors | |||||
CVE-2021-4117 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
yetiforcecrm is vulnerable to Business Logic Errors | |||||
CVE-2021-4107 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-4121 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-4092 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) |