Espocrm: >> Espocrm >> 5.6.9 Security Vulnerabilities
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.
CVSS Score
9.1
EPSS Score
0.012
Published
2023-11-30
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
CVSS Score
6.3
EPSS Score
0.002
Published
2021-08-04
Page 2