Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Salesagility Subscribe
Filtered by product Suitecrm
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39267 1 Salesagility 1 Suitecrm 2021-08-24 4.3 MEDIUM 6.1 MEDIUM
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution (such as text/xml) are not blocked.
CVE-2018-20816 1 Salesagility 1 Suitecrm 2021-07-22 4.3 MEDIUM 6.1 MEDIUM
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
CVE-2019-16922 1 Salesagility 1 Suitecrm 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.
CVE-2020-8801 1 Salesagility 1 Suitecrm 2021-07-21 6.5 MEDIUM 7.2 HIGH
SuiteCRM through 7.11.11 allows PHAR Deserialization.
CVE-2021-31792 1 Salesagility 1 Suitecrm 2021-05-03 3.5 LOW 5.4 MEDIUM
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field
CVE-2020-15301 1 Salesagility 1 Suitecrm 2020-12-02 6.8 MEDIUM 7.8 HIGH
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
CVE-2020-15300 1 Salesagility 1 Suitecrm 2020-12-01 5.8 MEDIUM 6.1 MEDIUM
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
CVE-2020-14208 1 Salesagility 1 Suitecrm 2020-11-20 3.5 LOW 5.4 MEDIUM
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.
CVE-2019-14454 1 Salesagility 1 Suitecrm 2020-08-24 7.5 HIGH 9.8 CRITICAL
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
CVE-2015-5947 1 Salesagility 1 Suitecrm 2020-06-12 6.8 MEDIUM 8.1 HIGH
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
CVE-2019-18782 1 Salesagility 1 Suitecrm 2020-04-01 5.0 MEDIUM 5.3 MEDIUM
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.
CVE-2020-8787 1 Salesagility 1 Suitecrm 2020-03-18 5.0 MEDIUM 7.5 HIGH
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.
CVE-2020-8786 1 Salesagility 1 Suitecrm 2020-03-18 7.5 HIGH 9.8 CRITICAL
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).
CVE-2020-8784 1 Salesagility 1 Suitecrm 2020-03-18 7.5 HIGH 9.8 CRITICAL
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).
CVE-2020-8785 1 Salesagility 1 Suitecrm 2020-03-18 7.5 HIGH 9.8 CRITICAL
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).
CVE-2020-8783 1 Salesagility 1 Suitecrm 2020-03-18 7.5 HIGH 9.8 CRITICAL
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).
CVE-2020-8804 1 Salesagility 1 Suitecrm 2020-02-25 4.0 MEDIUM 6.5 MEDIUM
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
CVE-2020-8803 1 Salesagility 1 Suitecrm 2020-02-19 7.5 HIGH 9.8 CRITICAL
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
CVE-2020-8802 1 Salesagility 1 Suitecrm 2020-02-19 7.5 HIGH 9.8 CRITICAL
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
CVE-2020-8800 1 Salesagility 1 Suitecrm 2020-02-19 6.5 MEDIUM 8.8 HIGH
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.