CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17319
https://notcve.org/view.php?id=CVE-2019-17319
07 Oct 2019 — SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. SugarCRM versiones anteriores a 8.0.4 y versiones 9.x anteriores a 9.0.2, permite la inyección SQL en el módulo Emails por parte de un usuario Regular. • https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2019-047 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-14974 – SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14974
14 Aug 2019 — SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. SugarCRM Enterprise versión 9.0.0, permite un ataque de tipo XSS de mobile/error-not-support-platform.html? Desktop_url=. • https://www.exploit-db.com/exploits/47247 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •