CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20816
https://notcve.org/view.php?id=CVE-2018-20816
05 Apr 2019 — An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. Una vulnerabilidad de Cross-Site Scripting (XSS) combinada con una de Cross-Site Request Forgery (CSRF) descubierta en SalesAgility SuiteCRM, en las versiones 7.x anteriores a la 7.8.24, y en las 7.10.x... • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15606
https://notcve.org/view.php?id=CVE-2018-15606
26 Sep 2018 — An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message. Se ha descubierto un problema de Cross-Site Scripting (XSS) en SalesAgility SuiteCRM en versiones 7.x anteriores a la 7.8.21 y versiones 7.10.x anteriores a la 7.10.8, relacionado con la suplantación de un mensaje de error. • https://docs.suitecrm.com/admin/releases/#anchor-7.10.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •