CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15606
https://notcve.org/view.php?id=CVE-2018-15606
An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message. Se ha descubierto un problema de Cross-Site Scripting (XSS) en SalesAgility SuiteCRM en versiones 7.x anteriores a la 7.8.21 y versiones 7.10.x anteriores a la 7.10.8, relacionado con la suplantación de un mensaje de error. • https://docs.suitecrm.com/admin/releases/#anchor-7.10.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 3%CPEs: 1EXPL: 2CVE-2015-5947
https://notcve.org/view.php?id=CVE-2015-5947
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. SuiteCRM, en versiones anteriores a la 7.2.3, permite que atacantes remotos ejecuten código arbitrario. • http://www.openwall.com/lists/oss-security/2015/08/06/6 https://github.com/XiphosResearch/exploits/tree/master/suiteshell https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5 https://github.com/salesagility/SuiteCRM/issues/333 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 1CVE-2015-5948
https://notcve.org/view.php?id=CVE-2015-5948
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. Una condición de carrera en versiones anteriores a la 7.2.3 de SuiteCRM permite que atacantes remotos ejecuten código arbitrario. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-5947. • http://www.openwall.com/lists/oss-security/2015/08/06/6 https://github.com/XiphosResearch/exploits/tree/master/suiteshell https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5 https://github.com/salesagility/SuiteCRM/issues/333 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •