Salesagility: Security Vulnerabilities
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-04-05
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.017
Published
2019-04-02
An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message.
CVSS Score
6.1
EPSS Score
0.006
Published
2018-09-26
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
CVSS Score
8.1
EPSS Score
0.027
Published
2017-09-06
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
CVSS Score
8.1
EPSS Score
0.045
Published
2017-09-06
Page 11