Show filters
33 Total Results
Displaying 11-20 of 33
Sort by:
Attacker Value
Unknown
CVE-2022-2885
Disclosure Date: August 21, 2022 (last updated February 24, 2025)
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
0
Attacker Value
Unknown
CVE-2022-1411
Disclosure Date: May 05, 2022 (last updated February 23, 2025)
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.
0
Attacker Value
Unknown
CVE-2022-0269
Disclosure Date: January 24, 2022 (last updated February 23, 2025)
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
0
Attacker Value
Unknown
CVE-2021-4121
Disclosure Date: December 16, 2021 (last updated February 23, 2025)
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
0
Attacker Value
Unknown
CVE-2021-4117
Disclosure Date: December 15, 2021 (last updated February 23, 2025)
yetiforcecrm is vulnerable to Business Logic Errors
0
Attacker Value
Unknown
CVE-2021-4116
Disclosure Date: December 15, 2021 (last updated February 23, 2025)
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
0
Attacker Value
Unknown
CVE-2021-4111
Disclosure Date: December 15, 2021 (last updated February 23, 2025)
yetiforcecrm is vulnerable to Business Logic Errors
0
Attacker Value
Unknown
CVE-2021-4107
Disclosure Date: December 14, 2021 (last updated February 23, 2025)
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
0
Attacker Value
Unknown
CVE-2021-4092
Disclosure Date: December 11, 2021 (last updated February 23, 2025)
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
0
Attacker Value
Unknown
CVE-2019-20060
Disclosure Date: February 10, 2020 (last updated February 21, 2025)
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.
0
