Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-45753 | 1 Vtiger | 1 Vtiger Crm | 2025-06-10 | N/A | N/A |
| A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. | |||||
| CVE-2025-45755 | 1 Vtiger | 1 Vtiger Crm | 2025-06-10 | N/A | N/A |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution. | |||||
| CVE-2022-38335 | 1 Vtiger | 1 Vtiger Crm | 2025-05-21 | N/A | 5.4 MEDIUM |
| Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. | |||||
| CVE-2024-42994 | 1 Vtiger | 1 Vtiger Crm | 2025-04-28 | N/A | N/A |
| VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. | |||||
| CVE-2024-42995 | 1 Vtiger | 1 Vtiger Crm | 2025-04-28 | N/A | N/A |
| VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. | |||||
| CVE-2023-46304 | 1 Vtiger | 1 Vtiger Crm | 2025-04-22 | N/A | N/A |
| modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load). | |||||
| CVE-2024-54687 | 1 Vtiger | 1 Vtiger Crm | 2025-04-17 | N/A | N/A |
| Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. | |||||
| CVE-2024-44776 | 1 Vtiger | 1 Vtiger Crm | 2025-03-25 | N/A | 6.1 MEDIUM |
| An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL. | |||||
| CVE-2024-48119 | 1 Vtiger | 1 Vtiger Crm | 2024-10-30 | N/A | 5.4 MEDIUM |
| Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML. | |||||
| CVE-2024-44778 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | N/A | 9.6 CRITICAL |
| A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-44779 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | N/A | 9.6 CRITICAL |
| A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-44777 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | N/A | 9.6 CRITICAL |
| A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2013-7326 | 1 Vtiger | 1 Vtiger Crm | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php. | |||||
| CVE-2019-11057 | 1 Vtiger | 1 Vtiger Crm | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. | |||||
| CVE-2008-3101 | 1 Vtiger | 1 Vtiger Crm | 2023-11-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php. | |||||
| CVE-2020-22807 | 1 Vtiger | 1 Vtiger Crm | 2021-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. | |||||
| CVE-2016-4834 | 1 Vtiger | 1 Vtiger Crm | 2021-05-14 | 5.5 MEDIUM | 8.1 HIGH |
| modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. | |||||
| CVE-2020-19362 | 1 Vtiger | 1 Vtiger Crm | 2021-01-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. | |||||
| CVE-2020-19363 | 1 Vtiger | 1 Vtiger Crm | 2021-01-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. | |||||
| CVE-2013-3591 | 1 Vtiger | 1 Vtiger Crm | 2020-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability | |||||