Vulnerabilities
Vulnerable Software
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2021-04-30

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-11-18

SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-11-18

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2020-11-18

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
CVSS Score: 8.8 | EPSS Score: 0.495 | Published: 2020-11-06

SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-03-20

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-03-16

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-03-16

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-03-16

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-03-16
Shodan ® - All rights reserved