ID CVE-2018-17784
Summary Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
exploit-db via4
description SugarCRM 6.5.26 - Cross-Site Scripting. CVE-2018-17784. Webapps exploit for PHP platform
file exploits/php/webapps/45594.txt
id EDB-ID:45594
last seen 2018-10-12
modified 2018-10-12
platform php
port 80
published 2018-10-12
reporter Exploit-DB
source https://www.exploit-db.com/download/45594/
title SugarCRM 6.5.26 - Cross-Site Scripting
type webapps
packetstorm via4
data source https://packetstormsecurity.com/files/download/149782/sugarcrm6526-xss.txt
id PACKETSTORM:149782
last seen 2018-10-13
published 2018-10-12
reporter Purplemet Security
source https://packetstormsecurity.com/files/149782/SugarCRM-6.5.26-Cross-Site-Scripting.html
title SugarCRM 6.5.26 Cross Site Scripting
refmap via4
misc https://twitter.com/purplemet/status/1043979681186369537
Last major update 10-10-2018 - 17:29
Published 10-10-2018 - 17:29
Last modified 14-10-2018 - 06:29
Back to Top