cnvd - cnvd-2021-83554

cnvd-2021-83554

Vulnerability from cnvd

Title: Sugarcrm SugarCRM跨站脚本漏洞

Description:

Sugarcrm SugarCRM是美国SugarCRM（Sugarcrm）公司的一套开源的客户关系管理系统（CRM）。该系统支持对不同的客户需求进行差异化营销、管理和分配销售线索，实现销售代表的信息共享和追踪。

SugarCRM存在安全漏洞，攻击者可利用该漏洞可以通过进入主地址状态或备用地址状态输入字段的手工有效负载执行任意web脚本或HTML。

Severity: 低

Formal description:

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

https://www.vulnerability-lab.com/get_content.php?id=2249

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-28956

Impacted products

Name
Sugarcrm SugarCRM 6.5.18

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-28956"
    }
  },
  "description": "Sugarcrm SugarCRM\u662f\u7f8e\u56fdSugarCRM\uff08Sugarcrm\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406\u7cfb\u7edf\uff08CRM\uff09\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u5bf9\u4e0d\u540c\u7684\u5ba2\u6237\u9700\u6c42\u8fdb\u884c\u5dee\u5f02\u5316\u8425\u9500\u3001\u7ba1\u7406\u548c\u5206\u914d\u9500\u552e\u7ebf\u7d22\uff0c\u5b9e\u73b0\u9500\u552e\u4ee3\u8868\u7684\u4fe1\u606f\u5171\u4eab\u548c\u8ffd\u8e2a\u3002\n\nSugarCRM\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u901a\u8fc7\u8fdb\u5165\u4e3b\u5730\u5740\u72b6\u6001\u6216\u5907\u7528\u5730\u5740\u72b6\u6001\u8f93\u5165\u5b57\u6bb5\u7684\u624b\u5de5\u6709\u6548\u8d1f\u8f7d\u6267\u884c\u4efb\u610fweb\u811a\u672c\u6216HTML\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://www.vulnerability-lab.com/get_content.php?id=2249",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-83554",
  "openTime": "2021-10-26",
  "products": {
    "product": "Sugarcrm SugarCRM 6.5.18"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-28956",
  "serverity": "\u4f4e",
  "submitTime": "2021-10-26",
  "title": "Sugarcrm SugarCRM\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2020-28956 (GCVE-0-2020-28956)

Vulnerability from cvelistv5

Published

2021-10-22 19:20

Modified

2024-08-04 16:48

Severity ?

CWE

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

References

▼	URL	Tags
	https://www.vulnerability-lab.com/get_content.php?id=2249	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:01.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vulnerability-lab.com/get_content.php?id=2249"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-22T19:20:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vulnerability-lab.com/get_content.php?id=2249"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28956",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vulnerability-lab.com/get_content.php?id=2249",
              "refsource": "MISC",
              "url": "https://www.vulnerability-lab.com/get_content.php?id=2249"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28956",
    "datePublished": "2021-10-22T19:20:18",
    "dateReserved": "2020-11-19T00:00:00",
    "dateUpdated": "2024-08-04T16:48:01.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted