Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm
CVE-2023-6128

5.4MEDIUM

Key Information:

Vendor: salesagility
Status: salesagility/suitecrm
Vendor: CVE Published:; 14 November 2023

Summary

Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

Affected Version(s)

salesagility/suitecrm < 7.14.2, 7.12.14, 8.4.2

References

https://huntr.com/bounties/51406547-1961-45f2-a416-7f14fd...

https://github.com/salesagility/suitecrm/commit/54bc56c3b...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Nov 14, 2023

.

CVE-2023-6128 : Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm | SecurityVulnerability.io