Webkul Krayin_crm
8 CVEs affecting Webkul Krayin_crm. Latest disclosed: 2026-04-14. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-46367 | Critical | 9.6 | 2024-09-27 | A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malici… |
| CVE-2026-38529 | High | 8.8 | 2026-04-14 | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrari… |
| CVE-2024-46366 | High | 8.8 | 2024-09-27 | A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by inje… |
| CVE-2026-38532 | High | 8.1 | 2026-04-14 | A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to… |
| CVE-2026-38530 | High | 8.1 | 2026-04-14 | A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to a… |
| CVE-2024-45932 | Medium | 4.8 | 2024-10-07 | Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. |
| CVE-2025-3568 | Low | 3.5 | 2025-04-14 | A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of th… |
| CVE-2023-2925 | Low | 2.4 | 2023-05-27 | A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizati… |