Vtiger Crm
Monthly
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.