CVE-2018-20816
N/A
N/A
Summary
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/salesagility/SuiteDocs/pull/198/files
- https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_11
- https://docs.suitecrm.com/admin/releases/7.8.x/#_7_8_24
References
- https://github.com/salesagility/SuiteDocs/pull/198/files
- https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_11
- https://docs.suitecrm.com/admin/releases/7.8.x/#_7_8_24
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.