Yetiforce Yetiforce_customer_relationship_management

18 CVEs affecting Yetiforce Yetiforce_customer_relationship_management. Latest disclosed: 2024-02-16. Critical: 0, High: 1.

Top CVEs affecting Yetiforce Yetiforce_customer_relationship_management
CVESeverityScorePublishedSummary
CVE-2022-0269High8.02022-01-24Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
CVE-2023-49508Medium6.52024-02-16Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive informa…
CVE-2022-1411Medium6.12022-05-05Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retriev…
CVE-2021-4121Medium6.12021-12-16yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4107Medium6.12021-12-14yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-3002Medium5.42022-10-06Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3005Medium5.42022-09-20Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3004Medium5.42022-09-20Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3000Medium5.42022-09-20Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2924Medium5.42022-09-20Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.
CVE-2022-2829Medium5.42022-08-23Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2890Medium5.42022-08-22Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1340Medium5.42022-08-22Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2021-4116Medium5.42021-12-15yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2885Medium4.82022-08-21Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2021-4117Medium4.32021-12-15yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4111Medium4.32021-12-15yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4092Medium4.32021-12-11yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)