YetiForceCompany/YetiForceCRM

GitHub

github.com

yetiforce.com

Releases36

Frequency3 months 17 hours

Last Release over 2 years ago

Stars1.79K

We've moved! For more information, visit https://github.com/YetiForceCompany/YetiForce

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-49508 ↗	Feb 16, 2024Friday, 16 February 2024, 08:15	6.5 MEDIUM	—
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.
CVE-2022-3002 ↗	Oct 6, 2022Thursday, 6 October 2022, 18:16	5.4 MEDIUM	—
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3005 ↗	Sep 20, 2022Tuesday, 20 September 2022, 11:15	5.4 MEDIUM	—
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3004 ↗	Sep 20, 2022Tuesday, 20 September 2022, 10:15	5.4 MEDIUM	—
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3000 ↗	Sep 20, 2022Tuesday, 20 September 2022, 07:15	5.4 MEDIUM	—
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2924 ↗	Sep 20, 2022Tuesday, 20 September 2022, 06:15	5.4 MEDIUM	—
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.
CVE-2022-2829 ↗	Aug 23, 2022Tuesday, 23 August 2022, 04:15	5.4 MEDIUM	—
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2890 ↗	Aug 22, 2022Monday, 22 August 2022, 14:15	5.4 MEDIUM	—
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1340 ↗	Aug 22, 2022Monday, 22 August 2022, 12:15	5.4 MEDIUM	—
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2885 ↗	Aug 21, 2022Sunday, 21 August 2022, 08:15	4.8 MEDIUM	—
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1411 ↗	May 5, 2022Thursday, 5 May 2022, 11:15	6.1 MEDIUM	4.3 MEDIUM
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.
CVE-2022-0269 ↗	Jan 24, 2022Monday, 24 January 2022, 12:15	8 HIGH	6 MEDIUM
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
CVE-2021-4121 ↗	Dec 16, 2021Thursday, 16 December 2021, 08:15	6.1 MEDIUM	4.3 MEDIUM
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4117 ↗	Dec 15, 2021Wednesday, 15 December 2021, 15:15	4.3 MEDIUM	4 MEDIUM
yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4116 ↗	Dec 15, 2021Wednesday, 15 December 2021, 14:15	5.4 MEDIUM	3.5 LOW
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4111 ↗	Dec 15, 2021Wednesday, 15 December 2021, 09:15	4.3 MEDIUM	4 MEDIUM
yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4107 ↗	Dec 14, 2021Tuesday, 14 December 2021, 15:15	6.1 MEDIUM	4.3 MEDIUM
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4092 ↗	Dec 11, 2021Saturday, 11 December 2021, 14:15	4.3 MEDIUM	4.3 MEDIUM
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)