Vulnerabilities > Sugarcrm > Sugarcrm > 3.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-12 | CVE-2020-17373 | SQL Injection vulnerability in Sugarcrm SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. | 5.3 |
| 2020-08-12 | CVE-2020-17372 | Cross-site Scripting vulnerability in Sugarcrm SugarCRM before 10.1.0 (Q3 2020) allows XSS. | 3.5 |
| 2018-02-01 | CVE-2014-3244 | XXE vulnerability in Sugarcrm XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | 7.5 |
| 2018-01-16 | CVE-2018-5715 | Cross-site Scripting vulnerability in Sugarcrm 3.5.1 phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). | 4.3 |
| 2017-09-17 | CVE-2017-14510 | Cross-site Scripting vulnerability in Sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). | 4.3 |
| 2017-09-17 | CVE-2017-14509 | Improper Input Validation vulnerability in Sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). | 6.5 |
| 2017-09-17 | CVE-2017-14508 | SQL Injection vulnerability in Sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). | 6.5 |
| 2011-03-16 | CVE-2011-0745 | Improper Input Validation vulnerability in Sugarcrm SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php. | 4.0 |
| 2009-08-27 | CVE-2009-2978 | SQL Injection vulnerability in Sugarcrm SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |