Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown
CVE-2018-14398
Disclosure Date: September 07, 2018 (last updated November 27, 2024)
An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials.
0
Attacker Value
Unknown
CVE-2018-14396
Disclosure Date: September 07, 2018 (last updated November 27, 2024)
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters.
0
Attacker Value
Unknown
CVE-2018-14397
Disclosure Date: September 07, 2018 (last updated November 27, 2024)
An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters.
0
Attacker Value
Unknown
CVE-2018-9283
Disclosure Date: September 07, 2018 (last updated November 27, 2024)
An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page.
0
