This page aggregates publicly disclosed CVE and security risk information related to 1CRM, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-15958 | An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL. | [email protected] | 8.6 | 0.94% | 2020-09-18 | 2024-11-21 |
| CVE-2019-14221 | 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. | [email protected] | 5.4 | 0.22% | 2019-08-08 | 2024-11-21 |