Yetiforce Yetiforce_customer_relationship_management
18 CVEs affecting Yetiforce Yetiforce_customer_relationship_management. Latest disclosed: 2024-02-16. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-0269 | High | 8.0 | 2022-01-24 | Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0. |
CVE-2023-49508 | Medium | 6.5 | 2024-02-16 | Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive informa… |
CVE-2022-1411 | Medium | 6.1 | 2022-05-05 | Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retriev… |
CVE-2021-4121 | Medium | 6.1 | 2021-12-16 | yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2021-4107 | Medium | 6.1 | 2021-12-14 | yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2022-3002 | Medium | 5.4 | 2022-10-06 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. |
CVE-2022-3005 | Medium | 5.4 | 2022-09-20 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. |
CVE-2022-3004 | Medium | 5.4 | 2022-09-20 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. |
CVE-2022-3000 | Medium | 5.4 | 2022-09-20 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. |
CVE-2022-2924 | Medium | 5.4 | 2022-09-20 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3. |
CVE-2022-2829 | Medium | 5.4 | 2022-08-23 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. |
CVE-2022-2890 | Medium | 5.4 | 2022-08-22 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. |
CVE-2022-1340 | Medium | 5.4 | 2022-08-22 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. |
CVE-2021-4116 | Medium | 5.4 | 2021-12-15 | yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2022-2885 | Medium | 4.8 | 2022-08-21 | Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. |
CVE-2021-4117 | Medium | 4.3 | 2021-12-15 | yetiforcecrm is vulnerable to Business Logic Errors |
CVE-2021-4111 | Medium | 4.3 | 2021-12-15 | yetiforcecrm is vulnerable to Business Logic Errors |
CVE-2021-4092 | Medium | 4.3 | 2021-12-11 | yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) |