Vulnerabilities for 'Yetiforce customer relationship management'

2022-05-05
 
CVE-2022-1411

CWE-434
 

 
Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. An attacker can send malicious files to victims, who are able to retrieve the stored data from the web application without that data being made safe to render in the browser; the attacker then steals the victim's cookie, which leads to account takeover.

 
2022-01-24
 
CVE-2022-0269

CWE-352
 

 
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.

 
2021-12-16
 
CVE-2021-4121

CWE-79
 

 
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

 
2021-12-15
 
CVE-2021-4117

CWE-840
 

 
yetiforcecrm is vulnerable to Business Logic Errors

 
 
CVE-2021-4116

CWE-79
 

 
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

 
 
CVE-2021-4111

CWE-840
 

 
yetiforcecrm is vulnerable to Business Logic Errors

 
2021-12-14
 
CVE-2021-4107

CWE-79
 

 
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

 
2021-12-11
 
CVE-2021-4092

CWE-352
 

 
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)

 


Copyright 2022, cxsecurity.com

 
