Cross-site Scripting (XSS) - Stored in salesagility/suitecrm-core
CVE-2023-3293

7.6HIGH

Key Information:

Vendor
Salesagility
Status
Salesagility/suitecrm-core
Vendor
CVE Published:
16 June 2023

Summary

A stored Cross-Site Scripting (XSS) vulnerability exists in SuiteCRM versions prior to 8.3.0. This flaw allows attackers to inject malicious scripts into the application, which can be executed by unsuspecting users accessing the compromised content. Exploiting this vulnerability can lead to unauthorized actions, data exfiltration, and session hijacking, undermining the integrity and security of the application.

Affected Version(s)

salesagility/suitecrm-core < 8.3.0

References

https://huntr.dev/bounties/22cb0ee3-e5da-40e0-9d2c-ace9b7...
https://github.com/salesagility/suitecrm-core/commit/1f94...

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-3293 : Cross-site Scripting (XSS) - Stored in salesagility/suitecrm-core | SecurityVulnerability.io