pkg:Packagist/krayin/laravel-crm

9 total CVEs: HIGH 5, MEDIUM 3, LOW 1

All known vulnerabilities

  • HIGH 8.8, CVE-2026-38529: Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php
    from 0, <= 2.2.0
  • HIGH 8.5, CVE-2026-38527: Webkul Krayin CRM has Server-Side Request Forgery (SSRF)
    from 0, <= 2.2.0
  • HIGH 8.1, CVE-2026-36340: Krayin CRM allows a remote attacker to execute arbitrary code via compose email function
    >= 2.1.5, < 2.1.6
  • HIGH 8.1, CVE-2026-38532: Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php
    from 0, <= 2.2.0
  • HIGH 8.1, CVE-2026-38530: Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php
    from 0, <= 2.2.0
  • MEDIUM 6.1, CVE-2021-41924: Cross-site Scripting in krayin/laravel-crm
    from 0, < 1.2.2
  • MEDIUM 5.4, CVE-2026-36341: Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint
    >= 2.1.5, < 2.1.6
  • MEDIUM 4.8, CVE-2024-45932: Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
    from 0, <= 1.3.0
  • LOW 3.5, CVE-2026-5370: Krayin CRM is vulnerable to Cross-site Scripting (XSS)
    from 0, <= 2.2.0