Skip to main content

Zurmo

3 CVEs product

Monthly

CVE-2019-14472 MEDIUM POC This Month

Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-19596 MEDIUM This Month

Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zurmo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19506 MEDIUM POC This Month

Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zurmo
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy