Lucene search

GitHub_MCVELIST:CVE-2024-36417

HistoryJun 10, 2024 - 7:55 p.m.

CVE-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

2024-06-1019:55:56

CWE-79

GitHub_M

www.cve.org

suitecrm

xss

code execution

malicious iframe

cross-site scripting

security vulnerability

open-source

crm

software application

versions 7.14.4

8.6.1

fix

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

CNA Affected

[
  {
    "vendor": "salesagility",
    "product": "SuiteCRM",
    "versions": [
      {
        "version": "< 7.14.4",
        "status": "affected"
      },
      {
        "version": ">= 8.0.0, < 8.6.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/salesagility/SuiteCRM/security/advisories/GHSA-3www-6rqc-rm7j

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVELIST:CVE-2024-36417