Webkul Krayin_crm

8 CVEs affecting Webkul Krayin_crm. Latest disclosed: 2026-04-14. Critical: 1, High: 4.

Top CVEs affecting Webkul Krayin_crm
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-46367 | Critical | 9.6 | 2024-09-27 | A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malici… |
| CVE-2026-38529 | High | 8.8 | 2026-04-14 | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrari… |
| CVE-2024-46366 | High | 8.8 | 2024-09-27 | A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by inje… |
| CVE-2026-38532 | High | 8.1 | 2026-04-14 | A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to… |
| CVE-2026-38530 | High | 8.1 | 2026-04-14 | A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to a… |
| CVE-2024-45932 | Medium | 4.8 | 2024-10-07 | Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. |
| CVE-2025-3568 | Low | 3.5 | 2025-04-14 | A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of th… |
| CVE-2023-2925 | Low | 2.4 | 2023-05-27 | A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizati… |