CVE-2018-20816
Summary
| CVE | CVE-2018-20816 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-05 16:29:00 UTC |
| Updated | 2021-07-22 15:50:00 UTC |
| Description | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. |
Risk And Classification
Problem Types: CWE-352 | CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Salesagility | Suitcrm | All | All | All | All |
| Application | Salesagility | Suitecrm | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 7.10.x Releases :: Docs | MISC | docs.suitecrm.com | Release Notes, Vendor Advisory |
| Update Releases (7.10.11) .adoc by cameronblaikie · Pull Request #198 · salesagility/SuiteDocs · GitHub | MISC | github.com | Patch, Third Party Advisory |
| 7.8.x Releases :: Docs | MISC | docs.suitecrm.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.