Known Vulnerabilities for products from Vtiger
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Vtiger".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-26460 json | Not Provided | 2026-04-13 | 2026-04-15 | |
| CVE-2026-23698 json | Not Provided | 2026-07-07 | 2026-07-07 | |
| CVE-2026-23697 json | Not Provided | 2026-07-07 | 2026-07-07 | |
| CVE-2025-70936 json | Not Provided | 2026-04-13 | 2026-04-14 | |
| CVE-2025-23455 json | Not Provided | 2025-01-16 | 2026-04-23 | |
| CVE-2024-44779 json | A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows a... | Not Provided | 2024-08-29 | 2026-07-05 |
| CVE-2024-44778 json | A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows att... | Not Provided | 2024-08-29 | 2026-07-05 |
| CVE-2024-44777 json | A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attack... | Not Provided | 2024-08-29 | 2026-07-05 |
| CVE-2024-44776 json | An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious s... | Not Provided | 2024-08-29 | 2026-07-05 |
| CVE-2023-38891 json | SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQu... | 8.8 - HIGH | 2023-09-14 | 2023-09-20 |
| CVE-2022-38335 json | Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules... | 5.4 - MEDIUM | 2022-09-27 | 2022-09-29 |
| CVE-2020-22807 json | An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. | 9.8 - CRITICAL | 2021-04-29 | 2021-05-19 |
| CVE-2020-19363 json | Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. | 6.5 - MEDIUM | 2021-01-20 | 2021-01-22 |
| CVE-2020-19362 json | Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing ma... | 6.1 - MEDIUM | 2021-01-20 | 2021-01-22 |
| CVE-2019-19202 json | In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change... | 8.8 - HIGH | 2019-11-21 | 2019-12-04 |
| CVE-2019-11057 json | SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. | 8.8 - HIGH | 2019-05-17 | 2023-11-07 |
| CVE-2019-5009 json | Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded fi... | 7.2 - HIGH | 2019-01-04 | 2019-10-24 |
| CVE-2018-8047 json | vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably p... | 6.1 - MEDIUM | 2019-06-06 | 2019-06-07 |
| CVE-2016-10754 json | modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter. | 8.8 - HIGH | 2019-05-24 | 2019-05-29 |
| CVE-2016-4834 json | modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows rem... | Not Provided | 2016-08-01 | 2026-05-06 |
Known software with vulnerabilities from Vtiger
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Vtiger | Crm | 6.4.0 |
| Application | Vtiger | Vtiger Crm | 1.0 |