
CVE-2023-5353 – Improper Access Control in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5353
03 Oct 2023 — Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa • CWE-284: Improper Access Control •

CVE-2023-5351 – Cross-site Scripting (XSS) - Stored in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5351
03 Oct 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-5350 – SQL Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5350
03 Oct 2023 — SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-3627 – Cross-Site Request Forgery (CSRF) in salesagility/suitecrm-core
https://notcve.org/view.php?id=CVE-2023-3627
11 Jul 2023 — Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. • https://github.com/salesagility/suitecrm-core/commit/78285702d76317f081b1fbc59cb2754e93b9a4c3 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-3293 – Cross-site Scripting (XSS) - Stored in salesagility/suitecrm-core
https://notcve.org/view.php?id=CVE-2023-3293
16 Jun 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0. • https://github.com/salesagility/suitecrm-core/commit/1f949f1ac2b7fe82f3c2c6071f842b804ba91929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-1034 – Path Traversal: '\..\filename' in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-1034
25 Feb 2023 — Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. • https://github.com/salesagility/suitecrm/commit/c19f221a41706efc8d73cef95c5e362c4f86bf06 • CWE-29: Path Traversal: '\..\filename' •

CVE-2022-27474
https://notcve.org/view.php?id=CVE-2022-27474
15 Apr 2022 — SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. • https://github.com/Mount4in/Mount4in.github.io/blob/master/poc.py •

CVE-2022-23940
https://notcve.org/view.php?id=CVE-2022-23940
07 Mar 2022 — SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project depend... • https://github.com/manuelz120/CVE-2022-23940 • CWE-502: Deserialization of Untrusted Data •

CVE-2022-0754 – SQL Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2022-0754
07 Mar 2022 — SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-0755 – Missing Authorization in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2022-0755
07 Mar 2022 — Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 • CWE-862: Missing Authorization •