Search criteria
6 vulnerabilities found for F-RevoCRM by Thinkingreed Inc.
CVE-2023-41150 (GCVE-0-2023-41150)
Vulnerability from cvelistv5 – Published: 2023-09-06 12:35 – Updated: 2024-09-26 19:46
VLAI?
Summary
F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Thinkingreed Inc. | F-RevoCRM |
Affected:
7.3 series prior to version7.3.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:03.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://f-revocrm.jp/2023/08/9394/"
},
{
"tags": [
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN78113802/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:46:21.442931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:46:35.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F-RevoCRM",
"vendor": "Thinkingreed Inc.",
"versions": [
{
"status": "affected",
"version": "7.3 series prior to version7.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T12:35:41.294Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://f-revocrm.jp/2023/08/9394/"
},
{
"url": "http://jvn.jp/en/jp/JVN78113802/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-41150",
"datePublished": "2023-09-06T12:35:41.294Z",
"dateReserved": "2023-08-24T00:34:39.254Z",
"dateUpdated": "2024-09-26T19:46:35.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41149 (GCVE-0-2023-41149)
Vulnerability from cvelistv5 – Published: 2023-09-06 12:35 – Updated: 2024-09-26 20:40
VLAI?
Summary
F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Thinkingreed Inc. | F-RevoCRM |
Affected:
version7.3.7 and version7.3.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:04.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://f-revocrm.jp/2023/08/9394/"
},
{
"tags": [
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN78113802/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:39:55.186689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:40:04.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F-RevoCRM ",
"vendor": "Thinkingreed Inc. ",
"versions": [
{
"status": "affected",
"version": "version7.3.7 and version7.3.8 "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T12:35:22.757Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://f-revocrm.jp/2023/08/9394/"
},
{
"url": "http://jvn.jp/en/jp/JVN78113802/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-41149",
"datePublished": "2023-09-06T12:35:22.757Z",
"dateReserved": "2023-08-24T00:34:39.254Z",
"dateUpdated": "2024-09-26T20:40:04.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6036 (GCVE-0-2019-6036)
Vulnerability from cvelistv5 – Published: 2020-01-27 09:35 – Updated: 2024-08-04 20:16
VLAI?
Summary
Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ThinkingReed inc. | F-RevoCRM |
Affected:
6.0 to F-RevoCRM 6.5 patch6 (version 6 series)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://f-revocrm.jp/2019/12/9393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN97325754/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-RevoCRM",
"vendor": "ThinkingReed inc.",
"versions": [
{
"status": "affected",
"version": "6.0 to F-RevoCRM 6.5 patch6 (version 6 series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T09:35:26",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://f-revocrm.jp/2019/12/9393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN97325754/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-RevoCRM",
"version": {
"version_data": [
{
"version_value": "6.0 to F-RevoCRM 6.5 patch6 (version 6 series)"
}
]
}
}
]
},
"vendor_name": "ThinkingReed inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://f-revocrm.jp/2019/12/9393",
"refsource": "MISC",
"url": "https://f-revocrm.jp/2019/12/9393"
},
{
"name": "http://jvn.jp/en/jp/JVN97325754/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN97325754/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6036",
"datePublished": "2020-01-27T09:35:26",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41150 (GCVE-0-2023-41150)
Vulnerability from nvd – Published: 2023-09-06 12:35 – Updated: 2024-09-26 19:46
VLAI?
Summary
F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Thinkingreed Inc. | F-RevoCRM |
Affected:
7.3 series prior to version7.3.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:03.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://f-revocrm.jp/2023/08/9394/"
},
{
"tags": [
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN78113802/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:46:21.442931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:46:35.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F-RevoCRM",
"vendor": "Thinkingreed Inc.",
"versions": [
{
"status": "affected",
"version": "7.3 series prior to version7.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T12:35:41.294Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://f-revocrm.jp/2023/08/9394/"
},
{
"url": "http://jvn.jp/en/jp/JVN78113802/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-41150",
"datePublished": "2023-09-06T12:35:41.294Z",
"dateReserved": "2023-08-24T00:34:39.254Z",
"dateUpdated": "2024-09-26T19:46:35.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41149 (GCVE-0-2023-41149)
Vulnerability from nvd – Published: 2023-09-06 12:35 – Updated: 2024-09-26 20:40
VLAI?
Summary
F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Thinkingreed Inc. | F-RevoCRM |
Affected:
version7.3.7 and version7.3.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:04.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://f-revocrm.jp/2023/08/9394/"
},
{
"tags": [
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN78113802/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:39:55.186689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:40:04.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F-RevoCRM ",
"vendor": "Thinkingreed Inc. ",
"versions": [
{
"status": "affected",
"version": "version7.3.7 and version7.3.8 "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T12:35:22.757Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://f-revocrm.jp/2023/08/9394/"
},
{
"url": "http://jvn.jp/en/jp/JVN78113802/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-41149",
"datePublished": "2023-09-06T12:35:22.757Z",
"dateReserved": "2023-08-24T00:34:39.254Z",
"dateUpdated": "2024-09-26T20:40:04.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6036 (GCVE-0-2019-6036)
Vulnerability from nvd – Published: 2020-01-27 09:35 – Updated: 2024-08-04 20:16
VLAI?
Summary
Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ThinkingReed inc. | F-RevoCRM |
Affected:
6.0 to F-RevoCRM 6.5 patch6 (version 6 series)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://f-revocrm.jp/2019/12/9393"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN97325754/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-RevoCRM",
"vendor": "ThinkingReed inc.",
"versions": [
{
"status": "affected",
"version": "6.0 to F-RevoCRM 6.5 patch6 (version 6 series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T09:35:26",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://f-revocrm.jp/2019/12/9393"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN97325754/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-RevoCRM",
"version": {
"version_data": [
{
"version_value": "6.0 to F-RevoCRM 6.5 patch6 (version 6 series)"
}
]
}
}
]
},
"vendor_name": "ThinkingReed inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://f-revocrm.jp/2019/12/9393",
"refsource": "MISC",
"url": "https://f-revocrm.jp/2019/12/9393"
},
{
"name": "http://jvn.jp/en/jp/JVN97325754/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN97325754/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6036",
"datePublished": "2020-01-27T09:35:26",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}