Fatfreecrm Fat Free Crm — known CVE vulnerabilities
Every CVE whose affected-product data names Fatfreecrm Fat Free Crm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2015-1585 — CVSS 6.8 (medium): Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the…
CVE-2013-7223 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the…
CVE-2013-7225 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users…
CVE-2019-10226 — CVSS 5.4 (medium): HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI…
CVE-2013-7249 — CVSS 5.0 (medium): Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct…
CVE-2013-7224 — CVSS 5.0 (medium): Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct…
CVE-2013-7222 — CVSS 5.0 (medium): config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which…
CVE-2014-5441 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote…