Sugarcrm@* Security Vulnerabilities and Issues — Sugarcrm@* CVE List

Lucene search

SugarcrmSugarcrm*

4 matches found

CVE•added 2018/10/10 9:29 p.m.•49 views

CVE-2018-17784

Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.

6.1CVSS6AI score0.04408EPSS

Web

CVE•added 2017/09/17 9:29 p.m.•42 views

CVE-2017-14510

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating...

6.1CVSS6.8AI score0.00341EPSS

CVE•added 2009/06/22 2:30 p.m.•41 views

CVE-2009-2146

Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct req...

6CVSS7.5AI score0.07722EPSS

CVE•added 2006/12/23 1:28 a.m.•36 views

CVE-2006-6712

Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.

6.8CVSS5.7AI score0.01275EPSS