Vulnerabilities > Sugarcrm > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-22 | CVE-2020-36501 | Cross-site Scripting vulnerability in Sugarcrm 6.5.18 Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. | 3.5 |
| 2021-10-22 | CVE-2020-28956 | Cross-site Scripting vulnerability in Sugarcrm 6.5.18 Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. | 3.5 |
| 2021-10-22 | CVE-2020-28955 | Cross-site Scripting vulnerability in Sugarcrm 6.5.18 SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. | 3.5 |
| 2020-08-12 | CVE-2020-17372 | Cross-site Scripting vulnerability in Sugarcrm SugarCRM before 10.1.0 (Q3 2020) allows XSS. | 3.5 |