SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame
CVE-2024-36417
9 CRITICAL
Summary
SuiteCRM, an open-source Customer Relationship Management (CRM) software developed by SalesAgility, has a known vulnerability that allows unverified IFrames to be inserted into certain input fields. This issue, present in versions prior to 7.14.4 and 8.6.1, could facilitate cross-site scripting (XSS) attacks, posing security risks by potentially allowing malicious actors to execute arbitrary scripts in the context of an authenticated user’s session. It is essential for users of affected versions to update to the patched versions 7.14.4 or 8.6.1 to mitigate this risk. More details regarding the advisory can be found on GitHub.
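The control the advisory calls for is a server-side allow-list applied to rich-text input before it is stored or rendered, so that an element such as an iframe supplied by a low-privileged user is removed rather than echoed into another user's session. The following sanitizer is an added example written for this page, not SuiteCRM's own code or its fix for this issue; the set of permitted tags and attributes, the field name and the sample inputs are assumptions chosen to illustrate the approach.

```python
"""Allow-list HTML sanitizer for rich-text CRM fields (added example, not SuiteCRM code).

Everything not explicitly allowed is dropped: unknown tags lose their markup but
keep their text, while script/style/iframe/object/embed lose their content too.
Attributes are allow-listed per tag, and href values must use a safe scheme.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy: tags a note/description field legitimately needs.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "u", "ul", "ol", "li", "a"}
# Attributes permitted per tag; style, on* handlers, srcdoc, etc. are never kept.
ALLOWED_ATTRS = {"a": {"href"}}
# Elements whose content is discarded along with the tag.
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed"}
VOID_TAGS = {"br"}
# Empty scheme covers relative links.
SAFE_URL_SCHEMES = {"http", "https", "mailto", ""}


class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.drop_depth = 0  # > 0 while inside a DROP_CONTENT_TAGS element

    def handle_starttag(self, tag, attrs):
        if self.drop_depth:
            if tag in DROP_CONTENT_TAGS:
                self.drop_depth += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return  # not allow-listed: drop the tag, keep its text
        rendered = []
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and urlparse(value).scheme.lower() not in SAFE_URL_SCHEMES:
                continue  # e.g. javascript: URLs are dropped
            rendered.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(rendered)}>")

    def handle_endtag(self, tag):
        if self.drop_depth:
            if tag in DROP_CONTENT_TAGS:
                self.drop_depth -= 1
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is re-escaped, so entity-encoded markup stays inert text.
        if not self.drop_depth:
            self.out.append(escape(data, quote=False))


def sanitize_html(fragment):
    """Return a sanitized copy of an HTML fragment; comments and declarations are dropped."""
    parser = AllowListSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample of what a rich-text "description" field might receive.
    sample = '<p>Call back <b>Monday</b> <iframe src="https://example.invalid/x"></iframe>'
    sample += '<a href="javascript:alert(1)" onclick="x()">link</a></p>'
    print(sanitize_html(sample))
```

The same function can be run over already-stored field values to find records that contain markup the policy would strip, which is the check a defender wants after upgrading: input stored before the fix is not re-validated by the upgrade itself.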
Affected Version(s)
SuiteCRM < 7.14.4 (fixed in 7.14.4)
SuiteCRM >= 8.0.0, < 8.6.1 (fixed in 8.6.1)
References
CVSS v3.1
Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published