Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CRM

YetiForce CRM

YetiForce is an open-source application that is constantly being improved by us and our community to help you run your company. Efficiency control multitasking innovation - this is what YetiForce can offer.YetiForce is a Polish product that keeps gaining more and more popularity abroad. Due to its rich and versatile functionalities YetiForce helps companies reach their full potential. The system was originally forked from Vtiger but because of numerous changes introduced over the span of several years it significantly differs from its predecessor.

Official Site:

https://yetiforce.com/en/

Severity Summary:

High: 1 Medium: 17
Reference
Title
Severity
CVE-2022-0269
YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2022-3002
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-4117
YetiForce CRM Improper Input Validation Vulnerability
Medium
CVE-2021-4121
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-4111
YetiForce CRM Improper Input Validation Vulnerability
Medium
CVE-2021-4092
YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2021-4116
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-4107
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-1411
YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability
Medium
CVE-2022-2924
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-2885
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-2829
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-3004
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-3005
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-3000
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-1340
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-2890
YetiForce CRM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-49508
YetiForce CRM Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium