Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22109 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-08 | 3.5 LOW | 5.4 MEDIUM |
| In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks. | |||||
| CVE-2022-22108 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information. | |||||
| CVE-2022-22107 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all. | |||||