CVE-2017-14510 Information
Feb 14, 2021
cve
Description
An issue was discovered in SugarCRM before 7.7.2.3 7.8.x before 7.8.2.2 and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/ https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-008/ https://www.synology.com/support/security/Synology_SA_17_53_SugarCRM
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: