Cross-site Scripting (XSS) - Stored in salesagility/suitecrm-core
CVE-2023-3293

7.6HIGH

Key Information:

Vendor: Salesagility
Status: Salesagility/suitecrm-core
Vendor: CVE Published:; 16 June 2023

🔔 Create Salesagility Vulnerability Alert

What is CVE-2023-3293?

A stored Cross-Site Scripting (XSS) vulnerability exists in SuiteCRM versions prior to 8.3.0. This flaw allows attackers to inject malicious scripts into the application, which can be executed by unsuspecting users accessing the compromised content. Exploiting this vulnerability can lead to unauthorized actions, data exfiltration, and session hijacking, undermining the integrity and security of the application.

Affected Version(s)

salesagility/suitecrm-core < 8.3.0

References

https://huntr.dev/bounties/22cb0ee3-e5da-40e0-9d2c-ace9b7...

https://github.com/salesagility/suitecrm-core/commit/1f94...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2023
Vulnerability Reserved
Jun 16, 2023