Yetiforce: Security Vulnerabilities
Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. An attacker can send malicious files to victims, who are able to retrieve the stored data from the web application without that data being made safe to render in the browser; the attacker then steals the victim's cookie, leading to account takeover.
CVSS Score: 9.1
EPSS Score: 0.003
Published: 2022-05-05
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
CVSS Score: 8.0
EPSS Score: 0.001
Published: 2022-01-24
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score: 6.4
EPSS Score: 0.002
Published: 2021-12-16
yetiforcecrm is vulnerable to Business Logic Errors
CVSS Score: 7.7
EPSS Score: 0.002
Published: 2021-12-15
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score: 6.6
EPSS Score: 0.001
Published: 2021-12-15
yetiforcecrm is vulnerable to Business Logic Errors
CVSS Score: 7.3
EPSS Score: 0.002
Published: 2021-12-15
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2021-12-14
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2021-12-11

