Show filters
18 Total Results
Displaying 11-18 of 18
Sort by:
Attacker Value
Unknown

CVE-2022-1411

Disclosure Date: May 05, 2022 (last updated October 07, 2023)
Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-0269

Disclosure Date: January 24, 2022 (last updated October 07, 2023)
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4121

Disclosure Date: December 16, 2021 (last updated October 07, 2023)
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4117

Disclosure Date: December 15, 2021 (last updated October 07, 2023)
yetiforcecrm is vulnerable to Business Logic Errors
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-4116

Disclosure Date: December 15, 2021 (last updated October 07, 2023)
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4111

Disclosure Date: December 15, 2021 (last updated October 07, 2023)
yetiforcecrm is vulnerable to Business Logic Errors
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-4107

Disclosure Date: December 14, 2021 (last updated October 07, 2023)
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4092

Disclosure Date: December 11, 2021 (last updated October 07, 2023)
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous