yetiforce/yetiforce-crm
Packagist | 17 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting yetiforce/yetiforce-crm
- CVE-2021-4092 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 6.3.0 | 2021-12-11
vulnerable: 4.0.0 ... 6.2.0 (16 versions)
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
- CVE-2021-4107 | MEDIUM | CVSS 6.1 | EG 5.3 | 2021-12-14
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-4111 | MEDIUM | CVSS 4.3 | EG 7.3 | 2021-12-15
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
yetiforcecrm is vulnerable to Business Logic Errors
- CVE-2021-4116 | MEDIUM | CVSS 5.4 | EG 6.6 | 2021-12-15
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-4117 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-12-15
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
yetiforcecrm is vulnerable to Business Logic Errors
- CVE-2021-4121 | MEDIUM | CVSS 6.1 | EG 6.4 | 2021-12-16
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2022-0269 | HIGH | CVSS 8.0 | EG 8.0 | 2022-01-24
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
- CVE-2022-1340 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 6.4.0 | 2022-08-22
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-1411 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 6.4.0 | 2022-05-05
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to …
- CVE-2022-2885 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 6.4.0 | 2022-08-21
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-2890 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 6.4.0 | 2022-08-22
vulnerable: 4.0.0 ... 6.3.0 (17 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-2924 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-09-20
vulnerable: 4.0.0 ... 6.4.0 (18 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.
- CVE-2022-3000 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-09-20
vulnerable: 4.0.0 ... 6.4.0 (18 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-3002 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-10-06
vulnerable: 4.0.0 ... 6.4.0 (18 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-3004 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-09-20
vulnerable: 4.0.0 ... 6.4.0 (18 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2022-3005 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-09-20
vulnerable: 4.0.0 ... 6.4.0 (18 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
- CVE-2023-49508 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 6.5.0 | 2024-02-16
vulnerable: 4.0.0 ... 6.4.0 (18 versions)
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.