cvedb.io
CVE-2021-39198
MEDIUM · CVSS 4.2
EPSS exploitation probability: 0%
Published 2021-11-19T22:15:07.450 · Last modified 2026-06-17T04:03:17.730

Summary

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability through which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability, and all users are advised to update their package.

Affected products

oroinc — client_relationship_management

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.