📦 Vtiger CRM

by Vtiger

⚠️ Known Vulnerabilities

CVE-2024-44777

CRITICAL CVSS 9.6 Aug 29, 2024

A reflected cross-site scripting vulnerability in vTiger CRM 7.4.0 allows attackers to inject malicious scripts via the tag parameter. When exploited, this enables arbitrary code execution in users' b...

CVE-2024-44779

CRITICAL CVSS 9.6 Aug 29, 2024

This reflected cross-site scripting (XSS) vulnerability in vTiger CRM 7.4.0 allows attackers to inject malicious scripts via the viewname parameter. When exploited, it enables arbitrary code execution...

CVE-2020-22807

CRITICAL CVSS 9.8 Apr 29, 2021

CVE-2020-22807 is a critical SQL injection vulnerability in vtiger CRM's calendar export feature that allows attackers to execute arbitrary SQL commands. This affects vtiger CRM 7.2 installations, pot...

CVE-2024-42995

HIGH CVSS 8.3 Aug 16, 2024

This vulnerability allows low-privileged users in VTiger CRM to bypass authorization checks and disable arbitrary modules via the Migration administrative module. It affects all VTiger CRM installatio...

CVE-2023-46304

HIGH CVSS 8.1 Apr 30, 2024

CVE-2023-46304 is a remote code execution vulnerability in Vtiger CRM 7.5.0 where authenticated attackers can write arbitrary PHP code to config.inc.php, which executes on every page load. This allows...

CVE-2023-38891

HIGH CVSS 8.8 Sep 14, 2023

This SQL injection vulnerability in Vtiger CRM v7.5.0 allows authenticated remote attackers to execute arbitrary SQL commands via the getQueryColumnsList function in ReportRun.php. This can lead to pr...

CVE-2025-45755

MEDIUM CVSS 6.1 May 21, 2025

A stored cross-site scripting vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows attackers to inject malicious scripts via CSV file uploads in the Services Import feature. The vulnerability...

CVE-2025-1618

MEDIUM CVSS 4.3 Feb 24, 2025

This vulnerability in vTiger CRM allows attackers to inject malicious scripts via the _operation parameter in the Mobile module, leading to cross-site scripting (XSS). It affects vTiger CRM versions 6...

CVE-2024-48119

MEDIUM CVSS 5.4 Oct 14, 2024

Vtiger CRM v8.2.0 contains an HTML injection vulnerability in the module parameter that allows authenticated users to inject arbitrary HTML content. This could lead to phishing attacks, session hijack...

CVE-2024-44776

MEDIUM CVSS 6.1 Aug 29, 2024

An open redirect vulnerability in vTiger CRM v7.4.0 allows attackers to craft malicious URLs that redirect users to untrusted external sites. This affects all users of vTiger CRM v7.4.0 who click on m...