CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 1CVE-2023-6124 – Server-Side Request Forgery (SSRF) in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-6124
Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14. Server-Side Request Forgery (SSRF) en el repositorio de GitHub salesagility/suitecrm anterior a 7.14.2, 8.4.2, 7.12.14. • https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9 https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5353 – Improper Access Control in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5353
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. Control de acceso inadecuado en el repositorio de GitHub salesagility/suitecrm anterior a 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa https://huntr.dev/bounties/3b3bb4f1-1aea-4134-99eb-157f245fa752 • CWE-284: Improper Access Control •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5351 – Cross-site Scripting (XSS) - Stored in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5351
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. Cross-Site Scripting (XSS) almacenado en el repositorio de GitHub salesagility/suitecrm antes de 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa https://huntr.dev/bounties/f7c7fcbc-5421-4a29-9385-346a1caa485b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5350 – SQL Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5350
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. Inyección SQL en el repositorio de GitHub salesagility/suitecrm anterior a 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa https://huntr.dev/bounties/c56563cb-b74e-4174-a09a-cd07689d6736 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3627 – Cross-Site Request Forgery (CSRF) in salesagility/suitecrm-core
https://notcve.org/view.php?id=CVE-2023-3627
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. • https://github.com/salesagility/suitecrm-core/commit/78285702d76317f081b1fbc59cb2754e93b9a4c3 https://huntr.dev/bounties/558b3dce-db03-47ba-b60b-c6eb578e04f1 • CWE-352: Cross-Site Request Forgery (CSRF) •