7 matches found
SugarCRM Cross-Site Scripting (CVE-2018-17784)
A cross-site scripting vulnerability exists in SugarCRM 6.5.26. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
SugarCRM 6.5.26 - Cross-Site Scripting
SugarCRM 6.5.26 - Cross-Site Scripting Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...
SugarCRM 6.5.26 Cross Site Scripting
Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version: 6.5.26 Tested on: Ubuntu 16.04 CVE :...
SugarCRM 6.5.26 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...
SugarCRM 6.5.26 - Cross-Site Scripting
Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version: 6.5.26 Tested on: Ubuntu 16.04 CVE :...
CVE-2018-17784
Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on a targeted system...
CVE-2018-17784
CVE-2018-17784: SugarCRM Community Edition 6.5.26 contains multiple XSS vulnerabilities in YUI/FlashCanvas, via components such as uploader.swf, io.swf and flashcanvas.swf. An unauthenticated, remote attacker can inject arbitrary web scripts on a target system. Evidence across sources confirms th...