Cross-site Scripting (XSS) - Stored in salesagility/suitecrm
CVE-2023-5351

8.9HIGH

Key Information:

Vendor
Salesagility
Status
Salesagility/suitecrm
Vendor
CVE Published:
3 October 2023

Summary

A stored Cross-site Scripting (XSS) vulnerability exists in SuiteCRM, impacting users prior to version 7.14.1. This security weakness allows an attacker to inject malicious scripts into the application, which can then be executed in the context of another user's browser, potentially leading to data theft, session hijacking, and other malicious activities. Developers are encouraged to update to the latest version to protect against this vulnerability and ensure the integrity of their applications.

Affected Version(s)

salesagility/suitecrm < 7.14.1

References

https://huntr.dev/bounties/f7c7fcbc-5421-4a29-9385-346a1c...
https://github.com/salesagility/suitecrm/commit/c43eaa311...

CVSS V3.1

Score:
8.9
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-5351 : Cross-site Scripting (XSS) - Stored in salesagility/suitecrm | SecurityVulnerability.io