Bottelet Daybydaycrm
9 CVEs affecting Bottelet Daybydaycrm. Latest disclosed: 2026-06-01. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-22113 | High | 8.8 | 2022-01-13 | In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an… |
| CVE-2022-22111 | High | 8.8 | 2022-01-05 | In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able t… |
| CVE-2022-22110 | High | 7.5 | 2022-01-05 | In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password… |
| CVE-2026-10283 | Medium | 6.3 | 2026-06-01 | A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation r… |
| CVE-2022-22112 | Medium | 5.4 | 2022-01-13 | In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input… |
| CVE-2022-22109 | Medium | 5.4 | 2022-01-05 | In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious… |
| CVE-2026-10282 | Medium | 4.3 | 2026-06-01 | A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsContro… |
| CVE-2022-22108 | Medium | 4.3 | 2022-01-05 | In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user)… |
| CVE-2022-22107 | Medium | 4.3 | 2022-01-05 | In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user)… |