Lucene search

GitHub_MVULNRICHMENT:CVE-2024-36417

HistoryJun 10, 2024 - 7:55 p.m.

CVE-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

2024-06-1019:55:56

CWE-79

GitHub_M

github.com

suitecrm

stored xss

vulnerability

code execution

malicious iframe

cross-site scripting

fix

versions

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

CNA Affected

[
  {
    "vendor": "salesagility",
    "product": "SuiteCRM",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.14.4"
      },
      {
        "status": "affected",
        "version": ">= 8.0.0, < 8.6.1"
      }
    ]
  }
]

References

github.com/salesagility/SuiteCRM/security/advisories/GHSA-3www-6rqc-rm7j

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for VULNRICHMENT:CVE-2024-36417