Skip to main content

Vtenext

3 CVEs product

Monthly

CVE-2020-10229 HIGH POC This Week

A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Vtenext
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-10228 HIGH POC This Week

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Vtenext
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-10227 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vtenext
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.1%
EPSS 1% CVSS 8.8
HIGH POC This Week

A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Vtenext
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC This Week

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Vtenext
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vtenext
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy