CVE-2017-14510

Sažetak

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along.

Reference

https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-008/
https://www.synology.com/support/security/Synology_SA_17_53_SugarCRM

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

30-12-2017 - 02:29

Objavljeno

17-09-2017 - 21:29