yetiforce/yetiforce-crm Security Advisories for 4.4.0_RC2 (16)

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting
PKSA-1mjy-38h5-my7f CVE-2022-3002 GHSA-v9fj-h8g6-4w9q
Affected version: <=6.4.0
Reported by: GitHub

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module
PKSA-54h1-gdcr-5mcv CVE-2022-2924 GHSA-2qf8-h7pr-x2r8
Affected version: <=6.4.0
Reported by: GitHub

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module
PKSA-t3b1-cwzk-gsps CVE-2022-3000 GHSA-mqh9-5jp9-6799
Affected version: <=6.4.0
Reported by: GitHub

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module
PKSA-m1h2-47p3-39p2 CVE-2022-3004 GHSA-qwc8-vjh3-gm2j
Affected version: <=6.4.0
Reported by: GitHub

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
PKSA-yfhz-fhkc-j9kz CVE-2022-3005 GHSA-vx3x-hwph-grvw
Affected version: <=6.4.0
Reported by: GitHub

[MEDIUM] Cross site scripting in yetiforce/yetiforce-crm
PKSA-1954-ftgr-8px9 CVE-2022-1340 GHSA-w83m-rghh-frxj
Affected version: <6.4.0
Reported by: GitHub

[MEDIUM] Cross site scripting in yetiforce/yetiforce-crm
PKSA-y1t5-1x41-gqqr CVE-2022-2890 GHSA-jhxh-68jj-68c7
Affected version: <6.4.0
Reported by: GitHub

[MEDIUM] Cross site scripting in yetiforce/yetiforce-crm
PKSA-jz1g-kq4d-x2hh CVE-2022-2885 GHSA-rjvc-mf7r-ch7r
Affected version: <6.4.0
Reported by: GitHub

[MEDIUM] Unrestricted Upload of File with Dangerous Type in yetiforce-crm
PKSA-1zw4-7tc2-bk2c CVE-2022-1411 GHSA-pqr6-3j58-9w58
Affected version: <6.4.0
Reported by: GitHub

[HIGH] Cross-Site Request Forgery in yetiforce
PKSA-kh9r-3bt8-6cnk CVE-2022-0269 GHSA-7g7r-gr46-q4p5
Affected version: <=6.3.0
Reported by: GitHub

[MEDIUM] yetiforcecrm is vulnerable to Cross-site Scripting
PKSA-4m3s-992w-6nrq CVE-2021-4121 GHSA-j85f-xw9x-ffwp
Affected version: <=6.3.0
Reported by: GitHub

[HIGH] YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
PKSA-thkn-vr5y-wnx8 CVE-2021-4111 GHSA-7v7w-f7c6-f829
Affected version: <=6.3.0
Reported by: GitHub

[MEDIUM] YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
PKSA-5pn3-2wm5-23ny CVE-2021-4117 GHSA-cxg7-84wp-8pcq
Affected version: <=6.3.0
Reported by: GitHub

[MEDIUM] yetiforcecrm is vulnerable to Cross-site Scripting
PKSA-n518-35rx-dsz6 CVE-2021-4116 GHSA-fwh7-v4gf-xv7w
Affected version: <=6.3.0
Reported by: GitHub

[MEDIUM] yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
PKSA-v3w2-c5xg-6d9r CVE-2021-4092 GHSA-v4cr-m5f8-gxw8
Affected version: <6.3.0
Reported by: GitHub

[MEDIUM] yetiforcecrm is vulnerable to Cross-site Scripting
PKSA-hzvj-yrtm-wbcj CVE-2021-4107 GHSA-rp42-c45j-g46x
Affected version: <=6.3.0
Reported by: GitHub