Vulnerabilities > Sugarcrm > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-22 | CVE-2020-28955 | Cross-site Scripting vulnerability in Sugarcrm 6.5.18 SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. | 5.4 |
| 2021-10-22 | CVE-2020-28956 | Cross-site Scripting vulnerability in Sugarcrm 6.5.18 Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. | 5.4 |
| 2021-10-22 | CVE-2020-36501 | Cross-site Scripting vulnerability in Sugarcrm 6.5.18 Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. | 5.4 |
| 2020-08-12 | CVE-2020-17373 | SQL Injection vulnerability in Sugarcrm SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. | 5.3 |
| 2020-08-12 | CVE-2020-17372 | Cross-site Scripting vulnerability in Sugarcrm SugarCRM before 10.1.0 (Q3 2020) allows XSS. | 5.4 |
| 2019-08-14 | CVE-2019-14974 | Cross-site Scripting vulnerability in Sugarcrm 9.0.0 SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. | 6.1 |
| 2018-10-10 | CVE-2018-17784 | Cross-site Scripting vulnerability in Sugarcrm Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. | 6.1 |
| 2018-01-16 | CVE-2018-5715 | Cross-site Scripting vulnerability in Sugarcrm 3.5.1 phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). | 6.1 |
| 2017-09-17 | CVE-2017-14510 | Cross-site Scripting vulnerability in Sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). | 6.1 |