Vulnerabilities > Sugarcrm > Sugarcrm > 6.5.21

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-17373 SQL Injection vulnerability in Sugarcrm
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
network
high complexity
sugarcrm CWE-89
5.3
5.3
2020-08-12 CVE-2020-17372 Cross-site Scripting vulnerability in Sugarcrm
SugarCRM before 10.1.0 (Q3 2020) allows XSS.
network
sugarcrm CWE-79
3.5
3.5
2018-10-10 CVE-2018-17784 Cross-site Scripting vulnerability in Sugarcrm
Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
network
sugarcrm CWE-79
4.3
4.3
2017-09-17 CVE-2017-14510 Cross-site Scripting vulnerability in Sugarcrm
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26).
network
sugarcrm CWE-79
4.3
4.3
2017-09-17 CVE-2017-14509 Improper Input Validation vulnerability in Sugarcrm
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26).
network
low complexity
sugarcrm CWE-20
6.5
6.5
2017-09-17 CVE-2017-14508 SQL Injection vulnerability in Sugarcrm
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26).
network
low complexity
sugarcrm CWE-89
6.5
6.5