Vulnerability Details CVE-2010-0465
Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/38962
- http://www.securityfocus.com/archive/1/510116/100/0/threaded
- http://www.securityfocus.com/bid/38772
- http://www.sugarcrm.com/crm/support/bugs.html?task=view&caseID=db4489b7-b5a8-4a6d-555b-4b9ffa7b4ffa
- http://secunia.com/advisories/38962
- http://www.securityfocus.com/archive/1/510116/100/0/threaded
- http://www.securityfocus.com/bid/38772
- http://www.sugarcrm.com/crm/support/bugs.html?task=view&caseID=db4489b7-b5a8-4a6d-555b-4b9ffa7b4ffa
Products affected by CVE-2010-0465
-
cpe:2.3:a:sugarcrm:sugarcrm:5.2.0g
-
cpe:2.3:a:sugarcrm:sugarcrm:5.2a
-
cpe:2.3:a:sugarcrm:sugarcrm:5.2c
-
cpe:2.3:a:sugarcrm:sugarcrm:5.2d
-
cpe:2.3:a:sugarcrm:sugarcrm:5.2e
-
cpe:2.3:a:sugarcrm:sugarcrm:5.2f
-
cpe:2.3:a:sugarcrm:sugarcrm:5.2g
-
cpe:2.3:a:sugarcrm:sugarcrm:5.2h
-
cpe:2.3:a:sugarcrm:sugarcrm:5.5
-
cpe:2.3:a:sugarcrm:sugarcrm:5.5.0