krayin/laravel-crm Security Advisories (9)
-
[MEDIUM] Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint
PKSA-bfyk-wk4r-cjz9 CVE-2026-36341 GHSA-j822-46r5-h4qx
Affected version: =2.1.5
Reported by:
GitHub -
[HIGH] Krayin CRM allows a remote attacker to execute arbitrary code via compose email function
PKSA-vkyr-b96k-z2ks CVE-2026-36340 GHSA-32px-ccfx-cxq3
Affected version: =2.1.5
Reported by:
GitHub -
[HIGH] Webkul Krayin CRM has Server-Side Request Forgery (SSRF)
PKSA-gcg3-xvcm-8tz7 CVE-2026-38527 GHSA-fpx9-9hq8-w2xc
Affected version: <=2.2.0
Reported by:
GitHub -
[HIGH] Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php
PKSA-5xsp-55yb-hdyp CVE-2026-38529 GHSA-r8rp-5f55-5j9x
Affected version: <=2.2.0
Reported by:
GitHub -
[HIGH] Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php
PKSA-y1wv-79ht-f4db CVE-2026-38530 GHSA-rm5f-3c25-p4cw
Affected version: <=2.2.0
Reported by:
GitHub -
[HIGH] Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php
PKSA-2w9z-jxqd-y35k CVE-2026-38532 GHSA-2xx8-j85v-j7wh
Affected version: <=2.2.0
Reported by:
GitHub -
[LOW] Krayin CRM is vulnerable to Cross-site Scripting (XSS)
PKSA-9rzv-szxy-ckw5 CVE-2026-5370 GHSA-9m2v-hc5g-5jpv
Affected version: <=2.2.0
Reported by:
GitHub -
[MEDIUM] Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
PKSA-qnd9-s6pr-8wy5 CVE-2024-45932 GHSA-74q2-6jp4-3rqq
Affected version: <=1.3.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in krayin/laravel-crm
PKSA-sggn-xz1p-gyf3 CVE-2021-41924 GHSA-v829-j9rr-85v9
Affected version: <1.2.2
Reported by:
GitHub