krayin/laravel-crm
Packagist | 9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting krayin/laravel-crm
- CVE-2021-41924 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.2.2 | 2022-06-21
  vulnerable: v1.0.0 ... v1.2.1 (8 versions)
  Webkul Krayin CRM before 1.2.2 is vulnerable to Cross Site Scripting (XSS).
- CVE-2024-45932 | MEDIUM | CVSS 4.8 | EG 4.8 | 2024-10-07
  vulnerable: v1.0.0 ... v1.3.0 (12 versions)
  Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.
- CVE-2026-36340 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 2.1.6 | 2026-04-30
  vulnerable: 2.1.5, v2.1.5
  An issue in Krayin CRM v.2.1.5, fixed in v.2.1.6, allows a remote attacker to execute arbitrary code via the compose email function.
- CVE-2026-36341 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 2.1.6 | 2026-05-07
  vulnerable: 2.1.5, v2.1.5
  A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint.
- CVE-2026-38527 | HIGH | CVSS 8.5 | EG 8.5 | 2026-04-14
  vulnerable: v1.0.0 ... v2.2.0 (28 versions)
  A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.
- CVE-2026-38529 | HIGH | CVSS 8.8 | EG 8.8 | 2026-04-14
  vulnerable: v1.0.0 ... v2.2.0 (28 versions)
  A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a craf…
- CVE-2026-38530 | HIGH | CVSS 8.1 | EG 8.1 | 2026-04-14
  vulnerable: v1.0.0 ... v2.2.0 (28 versions)
  A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users vi…
- CVE-2026-38532 | HIGH | CVSS 8.1 | EG 8.1 | 2026-04-14
  vulnerable: v1.0.0 ... v2.2.0 (28 versions)
  A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other user…
- CVE-2026-5370 | LOW | CVSS 3.5 | EG 3.5 | 2026-04-02
  vulnerable: v1.0.0 ... v2.2.0 (28 versions)
  A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation …