CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-41384

Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but will allow the JavaScript code to execute.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.3%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-suitecrm

Products affected by CVE-2025-41384

Salesagility » Suitecrm » Version: 7.14.1

cpe:2.3:a:salesagility:suitecrm:7.14.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-41384

Products

Pricing

Contact Us