12 matches found
BIT-SUITECRM-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...
SuiteCRM Open Redirect Vulnerability
SuiteCRM is a free open source customer relationship management application. An open redirection vulnerability exists in the Documents module in SuiteCRM 7.11.13 and earlier versions. An attacker can exploit this vulnerability to redirect users to arbitrary URLs via specially crafted SVG document...
CVE-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...
Cross site scripting
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2020-15301
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation...
SQL injection
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation...
CVE-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2020-14208
SuiteCRM 7.11.13 is affected by a stored Cross-Site Scripting (XSS) vulnerability in the Documents preview feature. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the Documents preview workflow. Root cause described across sources is stored XSS in the D...
CVE-2020-15300
CVE-2020-15300 affects SuiteCRM up to version 7.11.13, with an Open Redirect in the Documents module triggered by a crafted SVG document. The underlying issue is an input/redirect handling weakness in the Documents feature, enabling a user-assisted redirect to an arbitrary URL. Impact is describe...
CVE-2020-15301
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation...
CVE-2020-15301
SuiteCRM is affected by a CSV Injection vulnerability (Formula Injection) in the Accounts module. OSV records describe affected versions v7.11.18–v7.11.19 and v7.10.29–v7.10.31, where a low-privileged attacker can inject payloads into input fields; when an administrator exports data to CSV from t...