Vulnerabilities > Sugarcrm

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46815 Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2.
network
low complexity
sugarcrm CWE-434
8.8
8.8
2023-10-27 CVE-2023-46816 Code Injection vulnerability in Sugarcrm
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2.
network
low complexity
sugarcrm CWE-94
8.8
8.8
2023-06-17 CVE-2023-35808 Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm CWE-434
8.8
8.8
2023-06-17 CVE-2023-35809 Unspecified vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm
8.8
8.8
2023-06-17 CVE-2023-35810 Injection vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm CWE-74
7.2
7.2
2023-06-17 CVE-2023-35811 SQL Injection vulnerability in Sugarcrm 11.0.0/12.0.0
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.
network
low complexity
sugarcrm CWE-89
8.8
8.8
2023-01-11 CVE-2023-22952 Improper Input Validation vulnerability in Sugarcrm 11.0.0/12.0.0
In SugarCRM before 12.0.
network
low complexity
sugarcrm CWE-20
8.8
8.8
2021-10-22 CVE-2020-28955 Cross-site Scripting vulnerability in Sugarcrm 6.5.18
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module.
network
low complexity
sugarcrm CWE-79
5.4
5.4
2021-10-22 CVE-2020-28956 Cross-site Scripting vulnerability in Sugarcrm 6.5.18
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
network
low complexity
sugarcrm CWE-79
5.4
5.4
2021-10-22 CVE-2020-36501 Cross-site Scripting vulnerability in Sugarcrm 6.5.18
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
network
low complexity
sugarcrm CWE-79
5.4
5.4