Sugarcrm: >> Sugarcrm >> 5.5.0 Security Vulnerabilities
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
CVSS Score
4.0
EPSS Score
0.06
Published
2011-03-16
Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-03-19