7 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed. PHPGurukul Small CRM 3.0 es vulnerable a la inyección SQL en el panel de inicio de sesión de los usuarios debido a que el parámetro "password" se usa directamente en la consulta SQL sin ninguna sanitización y sin que se ejecute el payload de la inyección SQL. • https://github.com/hackerhijeck/Exploited/blob/main/Small_CRM/SQL-Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el campo Company en la sección "Solicitar una cotización" de Small CRM v3.0 permite a un atacante almacenar y ejecutar código javascript malicioso en el panel de administración, lo que conduce a la apropiación de la cuenta de Administrador. • https://github.com/kartik753/CVE/blob/main/CVE-2023-45394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en Small CRM en PHP v.3.0 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el parámetro Dirección. • https://github.com/TheKongV/CVE/blob/main/CVE-2023-44075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Una vulnerabilidad de Cross-Site Scripting (XSS) en la función Agregar Usuario de Small CRM v3.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el campo Nombre. • https://github.com/Kartikhunter/CVE/blob/main/CVE-2023-43331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). • https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34650 https://phpgurukul.com/small-crm-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •