Known Vulnerabilities for products from Espocrm
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Espocrm".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33740 json | Not Provided | 2026-04-13 | 2026-04-13 | |
| CVE-2026-33659 json | Not Provided | 2026-04-13 | 2026-04-13 | |
| CVE-2026-33657 json | Not Provided | 2026-04-13 | 2026-04-13 | |
| CVE-2026-33534 json | Not Provided | 2026-04-13 | 2026-04-13 | |
| CVE-2023-5966 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2023-11-30 | 2023-12-06 |
| CVE-2023-5965 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2023-11-30 | 2023-12-06 |
| CVE-2022-38846 json | EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure c... | 5.9 - MEDIUM | 2022-09-16 | 2022-09-17 |
| CVE-2022-38845 json | Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser v... | 6.1 - MEDIUM | 2022-09-16 | 2023-08-08 |
| CVE-2022-38844 json | CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating conta... | 8 - HIGH | 2022-09-16 | 2022-09-17 |
| CVE-2022-38843 json | EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extensio... | 8.8 - HIGH | 2022-09-16 | 2022-09-17 |
| CVE-2021-3539 json | EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-suppl... | 5.4 - MEDIUM | 2021-08-04 | 2021-08-11 |
| CVE-2019-14550 json | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature p... | 5.4 - MEDIUM | 2019-08-05 | 2019-08-09 |
| CVE-2019-14549 json | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed en... | 5.4 - MEDIUM | 2019-08-05 | 2019-08-09 |
| CVE-2019-14548 json | An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articl... | 5.4 - MEDIUM | 2019-08-05 | 2019-08-09 |
| CVE-2019-14547 json | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with ma... | 5.4 - MEDIUM | 2019-08-05 | 2019-08-09 |
| CVE-2019-14546 json | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an e... | 5.4 - MEDIUM | 2019-08-05 | 2019-08-14 |
| CVE-2019-14351 json | EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user pass... | 8.8 - HIGH | 2019-07-28 | 2020-08-24 |
| CVE-2019-14350 json | EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious ... | 6.1 - MEDIUM | 2019-07-28 | 2019-07-30 |
| CVE-2019-14349 json | EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document func... | 6.1 - MEDIUM | 2019-07-28 | 2019-07-30 |
| CVE-2019-14331 json | An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create ... | 6.1 - MEDIUM | 2019-07-28 | 2019-07-30 |
Known software with vulnerabilities from Espocrm
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Espocrm | Espocrm | 1.0.0 |