Security Advisories - yetiforce/yetiforce-crm

yetiforce/yetiforce-crm Security Advisories for 5.1.0 (16)

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting

PKSA-1mjy-38h5-my7f CVE-2022-3002 GHSA-v9fj-h8g6-4w9q

Affected version: <=6.4.0

Reported by:
GitHub
[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module

PKSA-54h1-gdcr-5mcv CVE-2022-2924 GHSA-2qf8-h7pr-x2r8

Affected version: <=6.4.0

Reported by:
GitHub
[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module

PKSA-t3b1-cwzk-gsps CVE-2022-3000 GHSA-mqh9-5jp9-6799

Affected version: <=6.4.0

Reported by:
GitHub
[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module

PKSA-m1h2-47p3-39p2 CVE-2022-3004 GHSA-qwc8-vjh3-gm2j

Affected version: <=6.4.0

Reported by:
GitHub
[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module

PKSA-yfhz-fhkc-j9kz CVE-2022-3005 GHSA-vx3x-hwph-grvw

Affected version: <=6.4.0

Reported by:
GitHub
[MEDIUM] Cross site scripting in yetiforce/yetiforce-crm

PKSA-1954-ftgr-8px9 CVE-2022-1340 GHSA-w83m-rghh-frxj

Affected version: <6.4.0

Reported by:
GitHub
[MEDIUM] Cross site scripting in yetiforce/yetiforce-crm

PKSA-y1t5-1x41-gqqr CVE-2022-2890 GHSA-jhxh-68jj-68c7

Affected version: <6.4.0

Reported by:
GitHub
[MEDIUM] Cross site scripting in yetiforce/yetiforce-crm

PKSA-jz1g-kq4d-x2hh CVE-2022-2885 GHSA-rjvc-mf7r-ch7r

Affected version: <6.4.0

Reported by:
GitHub
[MEDIUM] Unrestricted Upload of File with Dangerous Type in yetiforce-crm

PKSA-1zw4-7tc2-bk2c CVE-2022-1411 GHSA-pqr6-3j58-9w58

Affected version: <6.4.0

Reported by:
GitHub
[HIGH] Cross-Site Request Forgery in yetiforce

PKSA-kh9r-3bt8-6cnk CVE-2022-0269 GHSA-7g7r-gr46-q4p5

Affected version: <=6.3.0

Reported by:
GitHub
[MEDIUM] yetiforcecrm is vulnerable to Cross-site Scripting

PKSA-4m3s-992w-6nrq CVE-2021-4121 GHSA-j85f-xw9x-ffwp

Affected version: <=6.3.0

Reported by:
GitHub
[HIGH] YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number

PKSA-thkn-vr5y-wnx8 CVE-2021-4111 GHSA-7v7w-f7c6-f829

Affected version: <=6.3.0

Reported by:
GitHub
[MEDIUM] YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product

PKSA-5pn3-2wm5-23ny CVE-2021-4117 GHSA-cxg7-84wp-8pcq

Affected version: <=6.3.0

Reported by:
GitHub
[MEDIUM] yetiforcecrm is vulnerable to Cross-site Scripting

PKSA-n518-35rx-dsz6 CVE-2021-4116 GHSA-fwh7-v4gf-xv7w

Affected version: <=6.3.0

Reported by:
GitHub
[MEDIUM] yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-v3w2-c5xg-6d9r CVE-2021-4092 GHSA-v4cr-m5f8-gxw8

Affected version: <6.3.0

Reported by:
GitHub
[MEDIUM] yetiforcecrm is vulnerable to Cross-site Scripting

PKSA-hzvj-yrtm-wbcj CVE-2021-4107 GHSA-rp42-c45j-g46x

Affected version: <=6.3.0

Reported by:
GitHub

yetiforce/yetiforce-crm Security Advisories for 5.1.0 (16)

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module

[MEDIUM] YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module

[MEDIUM] Cross site scripting in yetiforce/yetiforce-crm

[MEDIUM] Cross site scripting in yetiforce/yetiforce-crm

[MEDIUM] Cross site scripting in yetiforce/yetiforce-crm

[MEDIUM] Unrestricted Upload of File with Dangerous Type in yetiforce-crm

[HIGH] Cross-Site Request Forgery in yetiforce

[MEDIUM] yetiforcecrm is vulnerable to Cross-site Scripting

[HIGH] YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number

[MEDIUM] YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product

[MEDIUM] yetiforcecrm is vulnerable to Cross-site Scripting

[MEDIUM] yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] yetiforcecrm is vulnerable to Cross-site Scripting