Description

Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.

Remediation

References

CVE-2010-0465

Related Vulnerabilities

WordPress Plugin Copy or Move Comments Multiple Vulnerabilities (1.0.0)

PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-30151)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.0)

WordPress Plugin AWSM Team-Team Showcase Local File Inclusion (1.3.1)

Magento Improper Authorization Vulnerability (CVE-2020-24405)

Severity

Medium

Classification

CVE-2010-0465 CWE-707

Tags

Missing Update Known Vulnerabilities