Known Vulnerabilities for products from Vtiger

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Vtiger".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-26460 json Not Provided 2026-04-13 2026-04-15
CVE-2026-23698 json Not Provided 2026-07-07 2026-07-07
CVE-2026-23697 json Not Provided 2026-07-07 2026-07-07
CVE-2025-70936 json Not Provided 2026-04-13 2026-04-14
CVE-2025-23455 json Not Provided 2025-01-16 2026-04-23
CVE-2024-44779 json A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows a... Not Provided 2024-08-29 2026-07-05
CVE-2024-44778 json A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows att... Not Provided 2024-08-29 2026-07-05
CVE-2024-44777 json A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attack... Not Provided 2024-08-29 2026-07-05
CVE-2024-44776 json An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious s... Not Provided 2024-08-29 2026-07-05
CVE-2023-38891 json SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQu... 8.8 - HIGH 2023-09-14 2023-09-20
CVE-2022-38335 json Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules... 5.4 - MEDIUM 2022-09-27 2022-09-29
CVE-2020-22807 json An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. 9.8 - CRITICAL 2021-04-29 2021-05-19
CVE-2020-19363 json Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. 6.5 - MEDIUM 2021-01-20 2021-01-22
CVE-2020-19362 json Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing ma... 6.1 - MEDIUM 2021-01-20 2021-01-22
CVE-2019-19202 json In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change... 8.8 - HIGH 2019-11-21 2019-12-04
CVE-2019-11057 json SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. 8.8 - HIGH 2019-05-17 2023-11-07
CVE-2019-5009 json Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded fi... 7.2 - HIGH 2019-01-04 2019-10-24
CVE-2018-8047 json vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably p... 6.1 - MEDIUM 2019-06-06 2019-06-07
CVE-2016-10754 json modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter. 8.8 - HIGH 2019-05-24 2019-05-29
CVE-2016-4834 json modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows rem... Not Provided 2016-08-01 2026-05-06

Known software with vulnerabilities from Vtiger

Type Vendor Product Version
ApplicationVtigerCrm6.4.0
ApplicationVtigerVtiger Crm1.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report