Lucene search

[email protected]NVD:CVE-2024-36413

HistoryJun 10, 2024 - 8:15 p.m.

CVE-2024-36413

2024-06-1020:15:14

CWE-79

[email protected]

web.nvd.nist.gov

suitecrm

open-source

crm

software

vulnerability

fixed

versions

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

14.1%

JSON

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected configurations

NVD

Node

salesagilitysuitecrmRange<7.14.4

salesagilitysuitecrmRange8.0.0–8.6.1

References

github.com/salesagility/SuiteCRM/security/advisories/GHSA-ph2c-hvvf-r273