Zurmo: >> Zurmo Crm Security Vulnerabilities
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-07
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-12-31
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-11-06
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
CVSS Score
4.8
EPSS Score
0.001
Published
2017-11-06
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.
CVSS Score
5.4
EPSS Score
0.009
Published
2017-04-14
Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field.
CVSS Score
3.5
EPSS Score
0.002
Published
2015-07-02