3 matches found
CVE-2020-17372
SugarCRM before 10.1.0 Q3 2020 allows XSS...
CVE-2020-17372
SugarCRM prior to 10.1.0 (Q3 2020) is affected by reflected XSS vulnerabilities due to insufficient validation of client-side input. Exploitable via multiple vectors (e.g., do= metadata and current_step in Reports), allowing injected script execution in a victim’s browser. Affected versions: Suga...
SugarCRM Cross Site Scripting
SugarCRM 10.1.0 Multiple Reflected Cross-Site Scripting Vulnerabilities • Software Link: https://www.sugarcrm.com/ • Affected Versions: All versions prior to 10.1.0 Q3 2020. • Vulnerabilities Description: 1 User input passed through the “do” parameter when action is set to “metadata” is not...