CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Espocrm: >> Espocrm >> 2.5.2 Security Vulnerabilities

CVE-2014-7986

install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter.

CVSS Score

5.0

EPSS Score

0.006

Published

2014-10-31

CVE-2014-7987

Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.

CVSS Score

4.3

EPSS Score

0.003

Published

2014-10-31

Page 3

Vulnerabilities

Vulnerable Software

Espocrm: >> Espocrm >> 2.5.2 Security Vulnerabilities

Products

Pricing

Contact Us