CVE-2020-36501: XSS
First published: Fri Oct 22 2021(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sugarcrm Sugarcrm | =6.5.18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for these cross-site scripting (XSS) vulnerabilities in SugarCRM?
The vulnerability ID is CVE-2020-36501.
What is the severity rating of CVE-2020-36501?
The severity rating of CVE-2020-36501 is medium, with a CVSS score of 5.4.
Which version of SugarCRM is affected by CVE-2020-36501?
The version affected by CVE-2020-36501 is SugarCRM v6.5.18.
How can attackers exploit CVE-2020-36501?
Attackers can exploit CVE-2020-36501 by entering crafted payloads into the primary address state or alternate address state input fields in the Support module of SugarCRM.
Is there a fix available for CVE-2020-36501?
Yes, it is recommended to upgrade to a patched version of SugarCRM to mitigate CVE-2020-36501.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/sugarcrm
- canonical/sugarcrm sugarcrm
- version/sugarcrm sugarcrm/6.5.18