Description

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

Remediation

References

CVE-2020-28956

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.19)

WordPress Plugin WP-Testimonials SQL Injection (3.4.1)

Oracle Database Server CVE-2006-0260 Vulnerability (CVE-2006-0260)

WordPress Plugin All Category SEO Updater Cross-Site Scripting (0.2.7)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1484)

Severity

Medium

Classification

CVE-2020-28956 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities