CVE-2018-20816

2019-04-05T16:29:00
ID CVE-2018-20816
Type cve
Reporter cve@mitre.org
Modified 2019-04-09T14:41:00

Description

An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.