yetiforcecompany yetiforcecompany/yetiforcecrm vunspecified - 17 CVEs

CVE-2022-3002

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

MEDIUM CVSS 5.4 Published Oct 06, 2022

CVE-2022-3005

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

MEDIUM CVSS 5.4 Published Sep 20, 2022

CVE-2022-3004

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

MEDIUM CVSS 6.3 Published Sep 20, 2022

CVE-2022-3000

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

MEDIUM CVSS 6.3 Published Sep 20, 2022

CVE-2022-2924

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.

HIGH CVSS 7.1 Published Sep 20, 2022

CVE-2022-2829

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

HIGH CVSS 8.8 Published Aug 23, 2022

CVE-2022-2890

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

CRITICAL CVSS 9.0 Published Aug 22, 2022

CVE-2022-1340

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

HIGH CVSS 7.0 Published Aug 22, 2022

CVE-2022-2885

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

MEDIUM CVSS 6.7 Published Aug 21, 2022

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.

CRITICAL CVSS 9.1 Published May 05, 2022