Description

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).

Remediation

References

CVE-2018-5715

Related Vulnerabilities

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.18)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Local File Inclusion (3.3.0)

Apache HTTP Server Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2009-1955)

WordPress Plugin SP Project & Document Manager Unspecified Vulnerability (2.6.2.5)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7923)

Severity

Medium

Classification

CVE-2018-5715 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities