Daybydaycrm Daybyday Crm
By the Year
In 2024 there have been 0 vulnerabilities in Daybydaycrm Daybyday Crm . Daybyday Crm did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 5 | 6.06 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Daybyday Crm vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Daybydaycrm Daybyday Crm Security Vulnerabilities
In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization
CVE-2022-22111
8.8 - High
- January 05, 2022
In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrators. This allows the attacker to gain access to the highest privileged user in the application.
AuthZ
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality
CVE-2022-22110
7.5 - High
- January 05, 2022
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users passwords with minimal to no computational effort.
Weak Password Requirements
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability
CVE-2022-22109
5.4 - Medium
- January 05, 2022
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victims browser when they open the /tasks page to view all the tasks.
XSS
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization
CVE-2022-22108
4.3 - Medium
- January 05, 2022
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information.
AuthZ
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization
CVE-2022-22107
4.3 - Medium
- January 05, 2022
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Daybydaycrm Daybyday Crm or by Daybydaycrm? Click the Watch button to subscribe.