Description

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

Remediation

References

CVE-2020-28956

Related Vulnerabilities

Magento CVE-2019-7876 Vulnerability (CVE-2019-7876)

Oracle Database Server CVE-2013-3826 Vulnerability (CVE-2013-3826)

WordPress Plugin WP Booking System Multiple Vulnerabilities (1.5.1)

WordPress Plugin WP Support Plus Responsive Ticket System Privilege Escalation (7.1.4)

Oracle Database Server CVE-2015-4900 Vulnerability (CVE-2015-4900)

Severity

Medium

Classification

CVE-2020-28956 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities