Skip to main content

Zurmo Crm

6 CVEs product

Monthly

CVE-2018-16654 MEDIUM POC This Month

Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo Crm
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2017-18004 MEDIUM POC This Month

Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zurmo Crm
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-16569 MEDIUM This Month

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect PHP Zurmo Crm
NVD
CVSS 3.0
4.8
EPSS
0.1%
CVE-2017-15039 MEDIUM This Month

Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Zurmo Crm
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-7188 MEDIUM POC This Month

Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zurmo Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2015-5365 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zurmo Crm
NVD
CVSS 2.0
3.5
EPSS
0.2%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo Crm
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zurmo Crm
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect PHP Zurmo Crm
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Zurmo Crm
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zurmo Crm
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zurmo Crm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy