CVE-2017-14510
Description
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by properly validating the redirect URL values being passed along.
Risk Information
Base Score: 6.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 0.341
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2017-14508, CVE-2017-14509 and CVE-2017-14510 affect SugarCRM 7.7.2.2 | Windows |
| CVE-2017-14508, CVE-2017-14509 and CVE-2017-14510 affect SugarCRM 7.8.0.0 | Windows |
| CVE-2017-14508, CVE-2017-14509 and CVE-2017-14510 affect SugarCRM 7.8.0.1 | Windows |
| CVE-2017-14508, CVE-2017-14509 and CVE-2017-14510 affect SugarCRM 7.8.1.0 | Windows |
| CVE-2017-14508, CVE-2017-14509 and CVE-2017-14510 affect SugarCRM 7.8.2.0 | Windows |
| CVE-2017-14508, CVE-2017-14509 and CVE-2017-14510 affect SugarCRM 7.8.2.1 | Windows |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234