Attacker Value: Unknown
CVE-2022-38846
Disclosure Date: September 16, 2022 (last updated February 24, 2025)
EspoCRM version 7.1.8 is missing the Secure flag on its cookies, which allows the browser to send them in plain text over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using a MITM attack.
Attacker Value: Unknown
CVE-2022-38845
Disclosure Date: September 16, 2022 (last updated February 24, 2025)
Cross-site scripting in the Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in a victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScript in the browser.
Attacker Value: Unknown
CVE-2022-38844
Disclosure Date: September 16, 2022 (last updated February 24, 2025)
CSV injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user exporting contacts to a CSV file may end up executing the malicious system commands on his system.
Attacker Value: Unknown
CVE-2022-38843
Disclosure Date: September 16, 2022 (last updated February 24, 2025)
EspoCRM version 7.1.8 is vulnerable to unrestricted file upload, allowing attackers to upload a malicious file with any extension to the server. An attacker may execute these malicious files to run unintended code on the server and compromise it.