Description

Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

Remediation

References

CVE-2020-36501

Related Vulnerabilities

WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)

WordPress Plugin White Label CMS PHP Object Injection (2.4)

MediaWiki Incorrect Authorization Vulnerability (CVE-2023-22945)

osCommerce Other Vulnerability (CVE-2004-2638)

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Arbitrary File Upload (3.0.2)

Severity

Medium

Classification

CVE-2020-36501 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities