Description

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).

Remediation

References

CVE-2018-5715

Related Vulnerabilities

WordPress Plugin ToolBar to Share Cross-Site Request Forgery (2.0)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-14998)

WordPress 2.0.6 'Zend_Hash_Del_Key_Or_Index' SQL Injection Vulnerability (0.6.2 - 2.0.6)

WordPress Plugin AMP for WP-Accelerated Mobile Pages Security Bypass (0.9.97.19)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-32621)

Severity

Medium

Classification

CVE-2018-5715 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities