CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20816
https://notcve.org/view.php?id=CVE-2018-20816
05 Apr 2019 — An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. Una vulnerabilidad de Cross-Site Scripting (XSS) combinada con una de Cross-Site Request Forgery (CSRF) descubierta en SalesAgility SuiteCRM, en las versiones 7.x anteriores a la 7.8.24, y en las 7.10.x... • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6506
https://notcve.org/view.php?id=CVE-2019-6506
02 Apr 2019 — SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. SalesAgility SuiteCRM 7.11.0 permite una inyección SQL. • https://docs.suitecrm.com/admin/releases/#anchor-7.10.11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15606
https://notcve.org/view.php?id=CVE-2018-15606
26 Sep 2018 — An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message. Se ha descubierto un problema de Cross-Site Scripting (XSS) en SalesAgility SuiteCRM en versiones 7.x anteriores a la 7.8.21 y versiones 7.10.x anteriores a la 7.10.8, relacionado con la suplantación de un mensaje de error. • https://docs.suitecrm.com/admin/releases/#anchor-7.10.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 2CVE-2015-5947
https://notcve.org/view.php?id=CVE-2015-5947
06 Sep 2017 — SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. SuiteCRM, en versiones anteriores a la 7.2.3, permite que atacantes remotos ejecuten código arbitrario. • http://www.openwall.com/lists/oss-security/2015/08/06/6 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2015-5948
https://notcve.org/view.php?id=CVE-2015-5948
06 Sep 2017 — Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. Una condición de carrera en versiones anteriores a la 7.2.3 de SuiteCRM permite que atacantes remotos ejecuten código arbitrario. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-5947. • http://www.openwall.com/lists/oss-security/2015/08/06/6 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •