CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vtenext: Security Vulnerabilities

CVE-2020-10227

A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.

CVSS Score

6.1

EPSS Score

0.005

Published

2020-09-14

CVE-2020-10228

A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.

CVSS Score

8.8

EPSS Score

0.07

Published

2020-09-14

CVE-2020-10229

A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.

CVSS Score

8.8

EPSS Score

0.003

Published

2020-09-14

Page 1

Vulnerabilities

Vulnerable Software

Vtenext: Security Vulnerabilities

Products

Pricing

Contact Us