SugarCRM is prone to multiple cross-site scripting vulnerabilities. These issues are exposed through various URI parameters of the 'index.php' script. The affected parameters are not adequately sanitized of HTML and script code before being output into dynamically generated pages. An attacker could exploit these issues by enticing a victim into following a malicious link that contains hostile HTML and script code, which could be used to steal cookie-based authentication credentials. The discoverer of these issues stated that some of them could theoretically allow execution of arbitrary PHP code, but has not provided further information as to how this is possible.
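
Because the issue is reached through links that carry markup in 'index.php' URI parameters, web server access logs are a natural place to look for attempts. The following is an added example, not code from the advisory or from SugarCRM: it flags requests to 'index.php' whose query values decode (including repeated percent-encoding) to HTML or script markup. The log lines and the parameter names `name` and `query` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines; parameter names are hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?name=Accounts&query=index HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?query=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5288',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /other.php?name=%3Cb%3E HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic: tag delimiters, double quotes, javascript: URLs, inline event handlers.
MARKUP_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, which is often used to slip past filters."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line, script="/index.php"):
    """Return names of query parameters on `script` whose values contain markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path != script:
        return []
    # parse_qsl decodes once; fully_decode handles any further encoding layers.
    return [name for name, value in parse_qsl(url.query, keep_blank_values=True)
            if MARKUP_RE.search(fully_decode(value))]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits = suspicious_params(line)
        if hits:
            print(f"suspicious parameter(s) {hits}: {line}")
```

The pattern is a triage heuristic and will produce false positives on legitimate values that contain quotes or angle brackets; the fix for the flaw itself remains encoding the parameters on output.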