Vulnerabilities (CVE)

Filtered by vendor 1crm Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15958 1 1crm 1 1crm 2024-11-21 5.0 MEDIUM 8.6 HIGH
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL.
CVE-2019-14221 1 1crm 1 1crm On-premise 2024-11-21 3.5 LOW 5.4 MEDIUM
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.