bottelet/flarepoint
Packagist | 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting bottelet/flarepoint
- CVE-2022-22107 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 2.2.1 | 2022-01-05
vulnerable: 2.0.0, 2.1.0, 2.2.0
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. …
- CVE-2022-22108 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 2.2.1 | 2022-01-05
vulnerable: 2.0.0, 2.1.0, 2.2.0
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This…
- CVE-2022-22109 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 2.2.1 | 2022-01-05
vulnerable: 1.1 ... V1 (20 versions)
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim…
- CVE-2022-22110 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.2.1 | 2022-01-05
vulnerable: 1.1 ... 2.2.0 (19 versions)
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single char…
- CVE-2022-22111 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.2.1 | 2022-01-05
vulnerable: 1.1 ... V1 (20 versions)
In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allo…