Cross-Site Scripting (XSS) Vulnerabilities in SugarCRM v6.5.18 Sales Module

CVE-2020-28956 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

Learn more about our Web App Pen Testing.