Filtered by vendor Webkul
Total: 24 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-52305 | 2 Unopim, Webkul | 2 Unopim, Unopim | 2024-11-19 | 6.5 Medium |
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5. | ||||
CVE-2024-45932 | 1 Webkul | 1 Krayin Crm | 2024-10-11 | 7.1 High |
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. | ||||
CVE-2024-46366 | 1 Webkul | 1 Krayin Crm | 2024-09-30 | 8.8 High |
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system. | ||||
CVE-2024-46367 | 1 Webkul | 1 Krayin Crm | 2024-09-30 | 9.6 Critical |
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system. |