Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Suitecrm
(Salesagility)| Repositories | https://github.com/salesagility/SuiteCRM |
| #Vulnerabilities | 85 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-04-05 | CVE-2018-20816 | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. | Suitecrm | 6.1 | ||
| 2019-09-27 | CVE-2019-16922 | SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. | Suitecrm | 5.3 | ||
| 2017-09-06 | CVE-2015-5947 | SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | Suitecrm | N/A | ||
| 2020-03-20 | CVE-2019-18782 | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. | Suitecrm | N/A | ||
| 2019-11-06 | CVE-2019-18784 | SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. | Suitecrm | N/A | ||
| 2019-10-02 | CVE-2019-13335 | SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. | Suitecrm | N/A | ||
| 2019-10-02 | CVE-2019-14454 | SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. | Suitecrm | N/A | ||
| 2019-09-30 | CVE-2019-14752 | SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. | Suitecrm | N/A | ||
| 2019-06-07 | CVE-2019-12601 | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). | Suitecrm | 9.8 | ||
| 2019-06-07 | CVE-2019-12600 | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | Suitecrm | 9.8 |