Описание
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.10.35 (исключая)Версия от 7.11.0 (включая) до 7.12.2 (исключая)
Одно из
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00386
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 4 лет назад
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.
EPSS
Процентиль: 59%
0.00386
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79