|
222751
|
7.8 |
HIGH
Local
|
joget
|
worfklow
|
In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2019-14352
|
2024-11-21 13:26 |
2019-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222752
|
8.8 |
HIGH
Network
|
espocrm
|
espocrm
|
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filter…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2019-14351
|
2024-11-21 13:26 |
2019-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222753
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/Kn…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14350
|
2024-11-21 13:26 |
2019-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222754
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14349
|
2024-11-21 13:26 |
2019-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222755
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contai…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14331
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222756
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contai…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14330
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222757
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain Java…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14329
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222758
|
8.8 |
HIGH
Network
|
simple-membership-plugin
|
simple_membership
|
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
|
CWE-352
Origin Validation Error
|
CVE-2019-14328
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222759
|
7.5 |
HIGH
Network
|
simple_service_discovery_protocol_responder_project
|
simple_service_discovery_protocol_responder
|
SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is …
|
CWE-787
CWE-193
Out-of-bounds Write
Off-by-one Error
|
CVE-2019-14323
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222760
|
7.5 |
HIGH
Network
|
palletsprojects
|
werkzeug
|
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
|
CWE-22
Path Traversal
|
CVE-2019-14322
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
