Radosław Skrzypczak

8 exploits Active since Dec 2021
CVE-2021-4111 WRITEUP MEDIUM WRITEUP
Yetiforce CRM < 6.3.0 - Business Logic Errors
yetiforcecrm is vulnerable to Business Logic Errors
CVSS 4.3
CVE-2021-4121 WRITEUP MEDIUM WRITEUP
Yetiforce CRM < 6.3.0 - Stored Cross-Site Scripting
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 6.1
CVE-2022-0269 WRITEUP HIGH WRITEUP
yetiforce/yetiforce-crm <6.3.0 - CSRF
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
CVSS 8.0
CVE-2022-2924 WRITEUP MEDIUM WRITEUP
Yetiforce CRM < 6.3.0 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.
CVSS 5.4
CVE-2022-3000 WRITEUP MEDIUM WRITEUP
yetiforcecompany/yetiforcecrm <6.4.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVSS 5.4
CVE-2022-3004 WRITEUP MEDIUM WRITEUP
yetiforcecompany/yetiforcecrm <6.4.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVSS 5.4
CVE-2022-3005 WRITEUP MEDIUM WRITEUP
yetiforcecompany/yetiforcecrm <6.4.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVSS 5.4
CVE-2023-49508 WRITEUP MEDIUM WRITEUP
YetiForceCRM < 6.5.0 - Authenticated Path Traversal via LibraryLicense.php License Parameter
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.
CVSS 6.5