Vulnerabilities for 'Suitecrm'

2020-11-18
 
CVE-2020-14208

CWE-79
 

 
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.

 
2020-03-16
 
CVE-2020-8787

CWE-20
 

 
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.

 
 
CVE-2020-8786

CWE-89
 

 
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).

 
 
CVE-2020-8785

CWE-89
 

 
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).

 
 
CVE-2020-8784

CWE-89
 

 
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).

 
 
CVE-2020-8783

CWE-89
 

 
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).

 
2020-02-13
 
CVE-2020-8803

CWE-22
 

 
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.

 
 
CVE-2020-8802

CWE-89
 

 
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.

 
 
CVE-2020-8801

CWE-74
 

 
SuiteCRM through 7.11.11 allows PHAR Deserialization.

 
 
CVE-2020-8800

CWE-74
 

 
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.

 


Copyright 2020, cxsecurity.com

 
