exploitDog

CVE-2020-28956

Опубликовано: 22 окт. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

Ссылки

https://www.vulnerability-lab.com/get_content.php?id=2249
Exploit
Third Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=2249
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sugarcrm:sugarcrm:6.5.18:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hj65-7whr-v2r6

github

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79