Cross-site scripting in SuiteCRM - CVE-2018-15606
Published: September 26, 2018 / Updated: July 17, 2020
Vulnerability identifier: #VU31201
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-15606
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: SalesAgility
Affected software:
SuiteCRM
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message.
How to mitigate CVE-2018-15606
Install the update from the vendor's website.