Salesagility: >> Suitecrm Security Vulnerabilities
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-11-06
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-10-02
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-10-02
SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-30
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-09-27
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-07
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-07
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-07
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3).
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-07
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-05