Filtered by vendor Daybydaycrm
Subscribe
Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22112 | 1 Daybydaycrm | 1 Daybyday | 2022-01-20 | 3.5 LOW | 5.4 MEDIUM |
| In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser. | |||||
| CVE-2022-22109 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-08 | 3.5 LOW | 5.4 MEDIUM |
| In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks. | |||||
| CVE-2022-22108 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information. | |||||
| CVE-2022-22107 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all. | |||||
| CVE-2020-35704 | 1 Daybydaycrm | 1 Daybyday | 2020-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. | |||||
| CVE-2020-35707 | 1 Daybydaycrm | 1 Daybyday | 2020-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen. | |||||
| CVE-2020-35706 | 1 Daybydaycrm | 1 Daybyday | 2020-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen. | |||||
| CVE-2020-35705 | 1 Daybydaycrm | 1 Daybyday | 2020-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen. | |||||