EmreOvunc/Vtiger-CRM-Vulnerabilities

Releases1

Frequency

Last Release about 6 years ago

Stars6

Vtiger CRM v7.2.0 has Cross-Site Scripting (XSS) and directory listing vulnerabilities.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-19362 ↗	Jan 20, 2021Wednesday, 20 January 2021, 01:15	6.1 MEDIUM	4.3 MEDIUM
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
CVE-2020-19363 ↗	Jan 20, 2021Wednesday, 20 January 2021, 01:15	6.5 MEDIUM	4.3 MEDIUM
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.