Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
References
Link | Resource |
---|---|
https://twitter.com/purplemet/status/1043979681186369537 | Third Party Advisory |
https://www.exploit-db.com/exploits/45594/ | Exploit Third Party Advisory VDB Entry |
https://www.purplemet.com/blog/sugarcrm-multiple-xss-vulnerabilities |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-10T21:00:00
Updated: 2020-03-13T18:53:04
Reserved: 2018-09-29T00:00:00
Link: CVE-2018-17784
JSON object: View
NVD Information
Status : Modified
Published: 2018-10-10T21:29:02.430
Modified: 2020-03-13T19:15:14.337
Link: CVE-2018-17784
JSON object: View
Redhat Information
No data.
CWE