CVE-2018-17784 Information

Description

Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://twitter.com/purplemet/status/1043979681186369537 https://www.exploit-db.com/exploits/45594/ https://www.purplemet.com/blog/sugarcrm-multiple-xss-vulnerabilities

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1