salesagility / suitecrm
Project repository
SuiteCRM - Open source CRM for the world
FIRST INTERACTION WITHIN 1 DAY
REVIEW WITHIN 39 DAYS
FIX WITHIN 64 DAYS
Server-Side Request Forgery (SSRF) • Nov 14th 2023 • shahzaibak96 • Medium • CVE-2023-6124
JavaScript Code Execution in PDF • Nov 14th 2023 • shahzaibak96 • Medium • CVE-2023-6125
Unauthenticated GraphQL Introspection Enabled • Oct 8th 2023 • x3419 • pending
Open Redirect / XSS via iframe with sandbox • Nov 14th 2023 • x3419 • informative • None
HTML injection in Title • Nov 14th 2023 • nam-no • Medium • CVE-2023-6126
File Upload caused XSS (Import account) • Nov 14th 2023 • nam-no • Medium • CVE-2023-6127
UI REDRESSING • Oct 4th 2023 • tharunavula • pending
SQL Injection in opportunities module • Oct 3rd 2023 • sarprt323 • Medium • CVE-2023-5350
SQL Injection in opportunities module • Oct 3rd 2023 • ghost • duplicate • Medium
Restricted LFI to Code Execution via SubpanelCreates.php • Nov 14th 2023 • navsec • High • CVE-2023-6130
Reflected XSS via Upgrade Wizard • Nov 14th 2023 • navsec • Medium • CVE-2023-6128
Arbitrary File Upload to RCE via Upgrade Wizard • Nov 14th 2023 • navsec • High • CVE-2023-6131
Insufficient access control in the export functionality for the 'Groups' module... • Oct 3rd 2023 • illume-security • High • CVE-2023-5353
Stored XSS in the Cases functionality • Oct 3rd 2023 • illume-security • High • CVE-2023-5351
Host Header Injection in /legacy • Jun 24th 2023 • tanish-mahajan • self closed
HTML Injection in Body, Header and Footer fields • May 5th 2023 • ahmedgamal0011 • self closed
Denial of Service • May 5th 2023 • ahmedgamal0011 • self closed
Input returned in response (reflected) • Dec 10th 2022 • dmandefy • pending
Backup files visible in web server root directory • Dec 10th 2022 • dmandefy • pending
Limited LFI via Path Traversal • Feb 25th 2023 • cr4ckc4t • Medium • CVE-2023-1034
External service interaction (DNS) • Nov 28th 2022 • dmandefy • pending
Multiple SQL Injections • May 2nd 2023 • vautia • Medium
Reflected Cross-Site Scripting due to Improper Sanitization • May 2nd 2023 • vautia • Critical
Remote Code Execution via LFI (Authenticated) • Jul 31st 2022 • talhakarakumru • pending
By sending a payload, you can shut down the activity stream feature • Apr 5th 2022 • lekhang123lc • pending
User can edit email template without privilege • Mar 24th 2022 • lekhang123lc • pending
Improper Authorization • Mar 2nd 2022 • faisalfs10x • Medium • $30 • CVE-2022-0756
Improper Access Control • Mar 2nd 2022 • faisalfs10x • High • $30 • CVE-2022-0755
SQL Injection • Mar 2nd 2022 • faisalfs10x • High • $30 • CVE-2022-0754
Open Redirect • Sep 1st 2021 • mdakh404 • pending
CRITICAL $0
HIGH $0
MEDIUM $0
LOW $0