CNNVD-202510-3564 Information

CNNVD ID

CNNVD-202510-3564

Related CVE

CVE-2025-41384

• CNNVD Published: 2025-10-27

Description (Chinese)

SuiteCRM是SuiteCRM团队的一个客户关系管理系统。 SuiteCRM 7.14.1版本存在跨站脚本漏洞，该漏洞源于HTTP Referer标头中恶意JavaScript代码未被正确过滤，可能导致反射型跨站脚本攻击。

Description (English)

SuiteCRM is a customer relationship management system for the SuiteCRM team. Version 7.14.1 of SuiteCRM contains a cross-site script loophole, which stems from the fact that the malicious JavaScript code in the HTTP Referer flag was not properly filtered and could result in a reflector-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Published

2025-10-27

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-suitecrm