Known Vulnerabilities for products from Zurmo
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Zurmo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-14472 | Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. | 6.1 - MEDIUM | 2019-08-01 | 2019-08-05 |
| CVE-2018-19596 | Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506. | 4.8 - MEDIUM | 2018-12-19 | 2023-11-07 |
| CVE-2018-19506 | Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/de... | 4.8 - MEDIUM | 2018-12-19 | 2019-02-26 |
| CVE-2018-16654 | Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. | 6.1 - MEDIUM | 2018-09-07 | 2018-11-02 |
| CVE-2017-18004 | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | Not Provided | 2017-12-31 | 2025-04-20 |
| CVE-2017-16569 | An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/... | Not Provided | 2017-11-06 | 2025-04-20 |
| CVE-2017-15039 | Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/m... | Not Provided | 2017-11-06 | 2025-04-20 |
| CVE-2017-7188 | Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the ... | Not Provided | 2017-04-14 | 2025-04-20 |
| CVE-2015-5365 | Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script ... | Not Provided | 2015-07-02 | 2026-05-06 |