|
224241
|
8.8 |
HIGH
Network
|
espocrm
|
espocrm
|
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filter…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2019-14351
|
2024-11-21 13:26 |
2019-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224242
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/Kn…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14350
|
2024-11-21 13:26 |
2019-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224243
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14349
|
2024-11-21 13:26 |
2019-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224244
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contai…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14331
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224245
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contai…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14330
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224246
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain Java…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14329
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224247
|
8.8 |
HIGH
Network
|
simple-membership-plugin
|
simple_membership
|
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
|
CWE-352
Origin Validation Error
|
CVE-2019-14328
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224248
|
7.5 |
HIGH
Network
|
simple_service_discovery_protocol_responder_project
|
simple_service_discovery_protocol_responder
|
SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is …
|
CWE-787
CWE-193
Out-of-bounds Write
Off-by-one Error
|
CVE-2019-14323
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224249
|
7.5 |
HIGH
Network
|
palletsprojects
|
werkzeug
|
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
|
CWE-22
Path Traversal
|
CVE-2019-14322
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224250
|
6.1 |
MEDIUM
Network
|
sunhater
|
kcfinder
|
A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditor…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14315
|
2024-11-21 13:26 |
2019-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
