CVE-2020-28956: XSS
First published: Fri Oct 22 2021(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sugarcrm Sugarcrm | =6.5.18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-28956?
CVE-2020-28956 is a vulnerability that allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary or alternate address state input fields in the Sales module of SugarCRM v6.5.18.
What is the severity of CVE-2020-28956?
CVE-2020-28956 has a severity rating of medium, with a score of 5.4 (based on the CVSS v3.1 scoring system).
How can attackers exploit CVE-2020-28956?
Attackers can exploit CVE-2020-28956 by submitting crafted payloads in the primary or alternate address state input fields, which can execute arbitrary web scripts or HTML.
Is there a fix for CVE-2020-28956?
Yes, applying the latest update or patch provided by SugarCRM can fix the CVE-2020-28956 vulnerability.
Where can I find more information about CVE-2020-28956?
You can find more information about CVE-2020-28956 at the following reference link: [https://www.vulnerability-lab.com/get_content.php?id=2249]
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/sugarcrm
- canonical/sugarcrm sugarcrm
- version/sugarcrm sugarcrm/6.5.18