CVE Vulnerability

CVE-2018-20816

An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/salesagility/SuiteDocs/pull/198/files Patch Third Party Advisory
https://docs.suitecrm.com/admin/releases/7.8.x/#_7_8_24 Release Notes Vendor Advisory
https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_11 Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
Information

Published : 2019-04-05 04:29

Updated : 2021-07-22 03:50

NVD link : CVE-2018-20816

Mitre link : CVE-2018-20816

Products Affected
No products.
CWE
CWE-352

CWE-79