pkg:Bitnami/espocrm

All known vulnerabilities

• HIGH8.8CVE-2022-38843EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the serve…
  >= 7.1.8, <= 7.1.8
• HIGH8.0CVE-2022-38844CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with paylo…
  >= 7.1.8, <= 7.1.8
• HIGH7.2CVE-2023-5965An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, whic…
  from 0, < 7.5.2
• HIGH7.2CVE-2023-5966An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deploym…
  from 0, < 7.5.2
• MEDIUM6.5CVE-2023-46736EspoCRM is an Open Source CRM (Customer Relationship Management) software.
  from 0, < 8.0.2
• MEDIUM6.1CVE-2022-38845Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending cra…
  >= 7.1.8, <= 7.1.8
• MEDIUM5.9CVE-2024-24818EspoCRM is an Open Source Customer Relationship Management software.
  from 0, < 8.1.2
• MEDIUM5.9CVE-2022-38846EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP).
  >= 7.1.8, <= 7.1.8
• MEDIUM5.4CVE-2021-3539EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar ima…
  from 0, < 6.1.6