CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36501
https://notcve.org/view.php?id=CVE-2020-36501
22 Oct 2021 — Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el módulo de Soporte de SugarCRM versión v6.5.18, permiten a atacantes ejecutar scripts web arbitrarios o HTML por medio de cargas útiles diseñadas introducidas en los campos de entrada primary ... • https://www.vulnerability-lab.com/get_content.php?id=2249 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2020-7472
https://notcve.org/view.php?id=CVE-2020-7472
12 Nov 2020 — An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. (This is exploitable even after installation is completed.). Una omisión de autorización y una vulnerabilidad de inclusión de archivos locales PHP en el componente de instalación de SugarCRM versiones anteriores a 8.0, ... • https://support.sugarcrm.com/Documentation/Sugar_Versions/10.0/Pro/Sugar_10.0.0_Release_Notes • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 3CVE-2020-17373 – SugarCRM SQL Injection
https://notcve.org/view.php?id=CVE-2020-17373
12 Aug 2020 — SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. SugarCRM versiones anteriores a 10.1.0 (el Q3 2020), permite una inyección SQL SugarCRM versions prior to 10.1.10 suffer from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/158848 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2020-17372 – SugarCRM Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-17372
12 Aug 2020 — SugarCRM before 10.1.0 (Q3 2020) allows XSS. SugarCRM versiones anteriores a 10.1.0 (el Q3 2020), permite un ataque de tipo XSS SugarCRM versions prior to 10.1.10 suffer from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/158847 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17292
https://notcve.org/view.php?id=CVE-2019-17292
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en el módulo pmse_Inbox por parte de un usuario Admin. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17293
https://notcve.org/view.php?id=CVE-2019-17293
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en el módulo pmse_Project por parte de un usuario Regular. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-020 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17294
https://notcve.org/view.php?id=CVE-2019-17294
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en la función export por parte de un usuario Regular. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-021 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17295
https://notcve.org/view.php?id=CVE-2019-17295
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en la función history por parte de un usuario Regular. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17296
https://notcve.org/view.php?id=CVE-2019-17296
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en el módulo Contacts por parte de un usuario Regular. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-023 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17297
https://notcve.org/view.php?id=CVE-2019-17297
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en el módulo Quotes por parte de un usuario Regular. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •