Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CRM

EspoCRM

EspoCRM is a web application that allows you to see enter and evaluate all your company relationships regardless of the type. People companies projects or opportunities all in an easy and intuitive interface.

Official Site:

https://www.espocrm.com/

Severity Summary:

Critical: 1 High: 6 Medium: 19 Low: 1
Reference
Title
Severity
CVE-2014-7985
EspoCRM Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2025-32390
EspoCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2023-5966
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2023-5965
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2019-14351
EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability
High
CVE-2022-38844
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability
High
CVE-2022-38843
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2014-7987
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-46736
EspoCRM Server-Side Request Forgery (SSRF) Vulnerability
Medium
CVE-2022-38846
EspoCRM Cleartext Transmission of Sensitive Information Vulnerability
Medium
CVE-2022-38845
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability
Medium
CVE-2021-3539
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-7986
EspoCRM Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2019-14550
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14549
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-17302
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-13643
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14329
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14330
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14331
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14349
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14350
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14546
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14547
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-14548
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-17301
EspoCRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-32789
EspoCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Low